Coverage Released for XZ Utils Supply Chain Attack (CVE-2024-
Coverage Released for XZ Utils Supply Chain Attack (CVE-2024-3094) Summary Tenable has developed and released asset detection, vulnerability detection and Indicator of Compromise (IoC) plugins in response to the backdoor in XZ Utils, a widely used compression library found in multiple Linux distributions. The vulnerability is tracked as CVE-2024-3094 and CISA has issued an alert recommending that developers and users downgrade XZ Utils to an uncompromised version, such as XZ Utils 5.4.6 Stable. Impact Tenable has developed an asset detection plugin (192709) that can be used by our customers to identify and enumerate instances of XZ Utils, vulnerable or not, anywhere in their environment. We have also released a version check plugin, “XZ Utils 5.6.0 / 5.6.1 Liblzma Backdoor Check” (192737), that leverages the initial detection plugin and identifies XZ Utils versions 5.6.0 and 5.6.1 which are known to be potentially vulnerable. Note that this plugin is paranoid because not all instances of the affected versions of XZ Utils are known to be vulnerable to the backdoor. Please refer to the details in the plugin description, the included plugin links, and our Tenable Research FAQ for more information about this evolving vulnerability. Finally, Tenable has provided an IoC Plugin, “Potential exposure to XZ Utils SSH Backdoor (CVE-2024-3094)” (192708), which leverages the publicly known indicator of compromise (IoC), coded in NASL, to facilitate scanning at scale with Tenable Products. These three plugins can be used together to provide a comprehensive account of the XZ Utils installed footprint in customer environments and actionable advisement on where to target remediation efforts. Plugins 192709 - Tukaani XZ Utils Installed (Linux / Unix) 192737 - XZ Utils 5.6.0 / 5.6.1 Liblzma Backdoor Check 192708 - Potential exposure to XZ Utils SSH Backdoor (CVE-2024-3094) Target Release Date Immediate
Public CVE Portal Data Source Update Target Release Date...
Public CVE Portal Data Source Update Target Release Date August 31, 2023 Change Tenable’s public CVE lookup page, Tenable.com/cve, is changing the underlying content delivery source in an effort to enable sharing CVE information prior to NVD publication. Where available, CVE pages will now also contain links to published Tenable vulnerability guidance. CVEs may no longer contain references to CWEs. In the CPEs tab, CPE values will no longer be listed under their respective vulnerable configuration. Example of the changes is available at https://www.tenable.com/cve/CVE-2023-2868. Impact When looking up CVEs on the public Tenable.com/cve portal, users may notice a change in the user experience. Some data features on CVE pages may be altered as outlined in the paragraph above. Additional Notes Tenable will continue providing updates to the public CVE portal on a best-effort basis.Tenable OT Security Plugin Names and Solutions TARGET...
Tenable OT Security Plugin Names and Solutions TARGET RELEASE DATE Immediate APPLIES TO Tenable OT Security CHANGE Tenable Research has released new names and solutions for a subset of Tenable OT Security plugins to bring more detailed plugin names and comprehensive remediation information. These updates are reflected in the Tenable OT Security product and on the Tenable Plugins site. Depending on the Tenable OT Security version a manual feed update could be required if the “Cloud Updates” is not enabled. IMPACT For each applicable Tenable OT Security plugin, the name provides the vendor name, the device model and the vulnerability class and includes the CVE ID. The solution section is now detailed and a link to the CISA ICS advisory is provided when available. ADDITIONAL RESOURCES Tenable OT Security - Tenable Nessus Plugin Set UpdatesPlugin Pipeline Background As new vulnerabilities are...
Plugin Pipeline Background As new vulnerabilities are discovered and released into the general public domain, Tenable Research promptly publishes plugins containing vulnerability information, recommended remediation actions, and the necessary algorithms to test for the presence of the security issue. Tenable Research has published over 175,000 plugins, covering 70,000+ CVE IDs and 30,000+ Bugtraq IDs. Summary At Tenable, we hold ourselves to the highest standard in delivering the best possible coverage to our customers and use a number of continuously improving processes to prioritize vulnerabilities. In an effort to increase transparency into the content development process, we are excited to announce the release of the Plugin Pipeline, found at www.tenable.com/plugins/pipeline. This new feature enables our customers to browse new plugins that the Tenable Research team prioritizes by CVE, detection status, or keyword search. Additionally, any new plugin coverage marked for pre-release communication will be shown under the Plugins tab for a given CVE on Tenable's CVE portal. Disclaimer: The Plugin Pipeline page does not represent an exhaustive list of plugins for which Tenable Research intends to provide coverage. The decision to surface pre-release information is granted on a per-instance basis by Tenable subject matter experts; in some cases, that includes vetted automation processes. Similarly, this page does not include information for all currently available plugins. For a full list, visit the Plugin Search portal. Detection status Plugins on the Plugin Pipeline page are categorized into one of the following detection statuses: In development: Tenable Research team is actively developing a coverage solution. Pending release: The plugin is in the production build & release pipeline; development and review are complete. Recently published: The plugin has been published on the displayed date. Release Date December 14th, 2022
Tenable Log4Shell Scan Templates Overview Tenable has...
Tenable Log4Shell Scan Templates Overview Tenable has developed the following Nessus, Tenable.sc and Tenable.io, WAS and Agent Scan Templates to streamline our customers’ Log4j vulnerability management efforts. Each of these scan templates packages the recommended scan configurations and plugins to conduct common or repeated Log4j vulnerability scanning activities. Log4Shell Remote Checks This Nessus, Tenable.sc and Tenable.io template provides an external view by assessing your systems from an outside attacker’s perspective. No credentials are required and detection is based on direct remote checks to detect exposure. Review https://community.tenable.com/s/feed/0D53a00008E3hKzCAJ for requirements about plugins 156014 and 155998 that are included in this template. Log4Shell Vulnerability Ecosystem Use this Nessus, Tenable.sc and Tenable.io template to begin your assessment with the most comprehensive set of plugins. It includes: All plugins for CVE-2021-44228, including the generic local and remote detections Plugin for CVE-2021-45046 Plugin for EOL detection for Log4J v1.x Plugins for software from third party vendors that have patched CVE-2021-44228 in their products This template is dynamic, and will be regularly updated with new plugins developed as third party vendors patch their software. A new plugin 156061 - Log4Shell Ecosystem Wrapper was developed to dynamically include plugins related to the Log4j vulnerabilities into this scan template. It is a wrapper plugin that will be used to keep the template dynamically updated. Details of the plugins that are included in this scan template can be found here - https://www.tenable.com/plugins/nessus/156061 Additionally, this dynamic template is released with the “Hide results from plugins initiated as a dependency” setting disabled ensuring all dependent plugins that do not normally report to show up in the template scan results. Re-scanning at regular intervals is recommended and credentials are required for local plugins. Review https://community.tenable.com/s/feed/0D53a00008E3hKzCAJ for requirements about plugins included in this template. Log4Shell This Nessus, Tenable.sc and Tenable.io scan template includes generic plugins for detection of CVE-2021-44228 that are based on whether the Log4J library is being used. Credentials are required for local detection. Review https://community.tenable.com/s/feed/0D53a00008E3hKzCAJ for requirements about plugins included in this template. WAS Log4Shell This Tenable WAS scan template includes generic detection of CVE-2021-44228 via direct check and file detection WAS plugins. Agent Log4Shell This Nessus Agent scan template includes 4 local plugins for CVE-2021-44228 detection on Nessus Agent systems. Tenable Research Release Highlights are posted in advance of significant new releases or updates to existing plugins or audit files that are important for early customer notification.
CVE-2021-44228/CVE-2021-45046 Windows and Linux Mitigation...
CVE-2021-44228/CVE-2021-45046 Windows and Linux Mitigation Audits Summary: In some environments, customers who can’t patch their systems to protect against the Log4j vulnerabilities need a way to evaluate if their systems are using the proper vendor provided workaround mitigation measures for CVE-2021-4228 and CVE-2021-45046. In both of these CVE advisories, the vendor recommends upgrading to a non-vulnerable version, or if users are not able to upgrade they “may remove the JndiLookup class from the classpath: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class” as a workaround. Tenable has developed audits that can evaluate Windows and Linux systems to detect if the workaround mitigation has been applied correctly. Please note, this audit does not assess the current Log4j version level which is the primary vendor recommended mitigation. Since the workaround mitigation for CVE-2021-44228 and CVE-2021-45046 are the same we are providing a single audit file for each OS type. These Tenable Audits complement the currently available Vulnerability Detection and Remote Direct Check Plugins to provide best breadth and depth of coverage for assessing our customers security posture on this emerging threat. Impact: Customers can now detect if Log4j workaround mitigations have been correctly applied on their systems by using the CVE-2021-44228 / CVE-2021-45046 audits. These audits detect and report if the JndiLookup vulnerable classpath resides on Windows and Linux environments which is an indication that the workaround mitigation was not properly implemented. Audits: The following audits can be found here: cve-2021-44228_cve-2021-45046-windows.audit cve-2021-44228_cve-2021-45046-linux.audit Target Release Date: ImmediateTenable Research is providing the following supporting...
Tenable Research is providing the following supporting information about the 31 NASL detection plugins and two WAS plugin recently released in response to a critical vulnerability reported in Log4j (Log4Shell). As a reminder, it is recommended that thorough_tests are enabled for all scans using these CVE-2021-44228, CVE-2021-45046, CVE-2021-4104, and CVE-2021-45105 plugins. NASL plugins 156183 Apache Log4j 2.x < 2.17.0 DoS Version check for known vuln Log4j versions related to CVE-2021-45105 in Windows, Unix and Linux systems 156057 Apache Log4j 2.x < 2.16.0 Version check for known vuln Log4j versions related to CVE-2021-45046 in Windows, Unix and Linux systems 156165 Apache Log4j 2.x < 2.16.0 RCE Version check for known vuln Log4j versions related to CVE-2021-45046 in MacOS systems 156164 Apache Log4Shell CVE-2021-45046 Bypass Remote Code Execution - (Direct Check HTTP) Direct Check compatible with Tenable.io Cloud Scanners and restrictive networks Delivers jndi:ldap crafted payloads including Session, JSession and PHPSession into the HTTP headers and then tracks the injection via DNS when the callback is made. Callback is needed given the nature of the vulnerability wherein the target / victim connects back to the host sending the original request and the host is vulnerable if the callback happens This plugin uses DNS (default port 53) for network communication. The following Apache Log4Shell CVE-2021-44228 Direct Checks share common techniques applied on different ports and protocols. They all share the following attributes: Direct Checks compatible with Tenable.io Cloud Scanners and restrictive networks Callback is needed given the nature of the vulnerability wherein the target / victim connects back to the host sending the original request and the host is vulnerable if the callback happens These plugins DNS (default port 53) for network communication. Delivers jndi:ldap crafted header script to select ports on a scan target and then tracks the injection via DNS when the callback is made CVE-2021-44228 direct check not requiring authentication 156669 Apache Log4Shell RCE detection via callback correlation (Direct Check - MSRPC) 156559 Apache Log4Shell RCE detection via callback correlation (Direct Check - RPCBIND) 156445 Apache Log4Shell RCE detection via callback correlation (Direct Check - PPTP) 156375 Apache Log4Shell RCE detection via callback correlation (Direct Check - UPnP) 156258 Apache Log4Shell RCE detection via callback correlation (Direct Check - NTP) 156257 Apache Log4Shell RCE detection via callback correlation (Direct Check - DNS) 156256 Apache Log4Shell RCE detection via callback correlation (Direct Check - SNMP) 156232 Apache Log4Shell RCE detection via callback correlation (Direct Check - SMB) 156197 Apache Log4Shell RCE detection via callback correlation (Direct Check - NetBIOS) 156166 Apache Log4Shell RCE detection via callback correlation (Direct Check - SSH) 156162 Apache Log4Shell RCE detection via callback correlation (Direct Check - Telnet) 156158 Apache Log4Shell RCE detection via callback correlation (Direct Check - IMAP) 156157 Apache Log4Shell RCE detection via callback correlation (Direct Check - POP3) 156132 Apache Log4Shell RCE detection via callback correlation (Direct Check - SMTP) 156115 Apache Log4Shell RCE detection via callback correlation (Direct Check - FTP) 156056 Apache Log4Shell RCE detection via callback correlation (Direct Check - any open port) 156035 VMware vCenter Log4Shell (Direct Check HTTP) Delivers jndi:ldap crafted payloads into the HTTP header of VMWare vCenter applications installed on the remote host on a scan target and then tracks the injection via DNS when the callback is made 156017 Apache Log4Shell RCE detection via callback correlation (Direct Check - SIP) 156016 Apache Log4Shell RCE detection via Path Enumeration (Direct Check HTTP) 156014 Apache Log4Shell RCE detection via callback correlation (Direct Check HTTP) CVE-2021-44228 direct check not requiring authentication Direct Check compatible with Tenable.io Cloud Scanners and restrictive networks Injects payload into the HTTP headers and then tracks the injection via DNS when the callback is made Callback is needed given the nature of the vulnerability wherein the target / victim connects back to the host sending the original request and the host is vulnerable if the callback happens This plugin uses DNS (default port 53) for network communication. 155998 Apache Log4j Message Lookup Substitution RCE (Log4Shell) (Direct Check) CVE-2021-44228 direct check not requiring authentication Scanner sends jndi:ldap string to target and listens for LDAP BIND request from target It is not compatible with Tenable.io cloud scanners and may fail to return results in certain networks due to firewall rules or interference from other security devices. Callback is needed given the nature of the vulnerability wherein the target / victim connects back to the host sending the original request and the host is vulnerable if the callback happens This plugin uses ephemeral ports 50,000-60,000 for network communication 156001 Apache Log4j JAR Detection (Windows) Local Windows detection **recommend Thorough Tests** Checks running processes for Java instances running with Log4j in classpath and records the file paths Searches the file system for .jar files with known vuln Log4j filename matches (if thorough tests is enabled) 156000 Apache Log4j Installed (Unix) Local Linux detection Checks rpm packages for vulnerable Log4j matches (RedHat, Gentoo, SuSE, etc.) Search the file system paths for known vulnerable Log4j matches (if thorough tests is enabled) 155999 Apache Log4j < 2.15.0 Remote Code Execution Local Linux Detection (uses 156000) Version check for known vuln Log4j versions in Unix and Linux systems 156002 Apache Log4j < 2.15.0 Remote Code Execution Local Windows detection (uses 156001) Version check for known vuln Log4j versions in Windows systems 156032 EOL plugin for Log4j 1.x Apache Log4j version < 1.x End of Life / Unsupported Version Detection 156103 Apache Log4j 1.2 JMSAppender Remote Code Execution (CVE-2021-4104) The version of Apache Log4j on the remote host is 1.2. It is, therefore, affected by a remote code execution vulnerability when specifically configured to use JMSAppender. WAS plugins 113075- Apache Log4j Remote Code Execution (Log4Shell) CVE-2021-44228 direct check not requiring authentication Inject payload into the HTTP headers, POST/GET values, XML, JSON, cookies, etc. and then track the injection via DNS when the callback is made Callback is needed given the nature of the vulnerability wherein the target / victim connects back to the host sending the original request and the host is vulnerable if the callback happens 113076- Apache Log4j Remote Code Execution (Log4Shell) CVE-2021-44228 WAS Log4Shell file detection plugin Scan the web application directories for known vulnerable version of the Log4j installation file and flag the host if found
Apache Log4j Detection Improvements Summary: Since CVE-2021-4
Apache Log4j Detection Improvements Summary: Since CVE-2021-44228 was first announced, Tenable has been working diligently on improving the local detections for Apache Log4j on Windows, Linux, and Unix operating systems based on additional research, testing, telemetry, and customer feedback. These improvements have been released once they were well tested and reviewed due to the urgency and need for Log4j detections. After customer feedback and careful consideration, we have removed the requirement for thorough tests which will lead to less false negatives but will require more resources than scans previously done without thorough tests enabled. The improvements that have been released or will be released shortly include: Apache Log4j Installed (Linux / Unix) (156000) Utilize the ‘locate’ command (if available) over the ‘find’ command Use the same parameters for the ‘find’ command regardless of the thorough tests setting Search for and inspect all Java archive files (JAR, WAR, EAR) that can contain Log4j Does not recursively extract nested Java archive files due to potential performance and resource issues Check the log4j-core JAR file for JndiLookup.class Check running processes if the Log4j JAR was supplied in the command line arguments Expanded package manager checks to additional OSes Fixed a regression that was causing certain 1.x versions to be excluded Increased data collection Optimizations and Agent enablement for scans against macOS hosts Increased timeouts Apache Log4j JAR Detection (Windows) (156001) The file system search was originally performed by an upstream plugin (152357) but has been implemented into 156001 to alway for an optimized file system search for Java archive files (JAR, WAR, EAR) resulting in a considerable performance gain Note that the thorough tests requirement was removed to run the file system search Search for and inspect all Java archive files that can contain the Log4j JAR file Does not recursively extract nested Java archive files due to potential performance and resource issues Check the log4j-core JAR file for JndiLookup.class Tenable is working on and will continue to explore additional enhancements. Impact: Customers should expect to see improved local detection of Apache Log4j potentially resulting in an increase in new vulnerability detections and longer scan times. Note that any scans with plugins 156000, 156001, or that depend on these detection plugins enabled may take longer due to the expanded detection methods. Plugins: Apache Log4j Installed (Linux / Unix) (156000) Apache Log4j JAR Detection (Windows) (156001) Target Release Date: December 22, 2021: Improvements for Apache Log4j JAR Detection (Windows) (156001) - Released in Nessus plugin feed 202112230037 Released December 27, 2021 in Nessus plugin feed 202112280531: Inclusion of WAR and EAR files in Apache Log4j Installed (Linux / Unix) - 156000 JndiLookup.class check in Apache Log4j JAR Detection (Windows) - 156001 The other improvements for Apache Log4j Installed (Linux / Unix) (156000) have been recently or previously released.Detection Plugins Released for Log4J CVE-2021-44228 ...
Detection Plugins Released for Log4J CVE-2021-44228 Summary Tenable has developed and released detection plugins in response to a critical vulnerability reported in Log4j, a Java based logging utility widely used in many applications, cloud services, and websites. The vulnerability is tracked as CVE-2021-44228 and CISA has issued an alert warning that the vulnerability is under active exploitation. Tenable has released scan templates for each of our Tenable products to consolidate CVE-2021-44228 plugins and make running scans for this vulnerability simple and straightforward for our customers. In addition, Tenable.io customers have a new dashboard and a dedicated widget on the Tenable.io main dashboard while Tenable.sc customers have a new dashboard. As new vendor advisory based plugins are developed Tenable will include the plugins in the scan templates on a recurring basis. Impact Tenable customers now have detection plugins to provide initial identification of potentially vulnerable targets that use or contain the Log4j library. As vendor advisories are released for products that contain the Log4j library, Tenable will release plugins specific to each vendor advisory affected by CVE-2021-44228. Changes 5 6 NASL plugins for local and remote detection in Nessus, Tenable.sc and Tenable.io + Nessus Scan Template have been released and are available in the feed. 155998 - Apache Log4j Message Lookup Substitution RCE (Log4Shell) (Direct Check) 155999 - Apache Log4j < 2.15.0 Remote Code Execution 156000 - Apache Log4j Installed (Unix) 156001 - Apache Log4j JAR Detection (Windows) 156002 - Apache Log4j < 2.15.0 Remote Code Execution Scan template - Detection of Apache Log4j CVE-2021-44228 ***UPDATE 20:30 SAT 11 DEC 2021*** Direct Check Plugin 155998 has a known limitation when run on cloud scanners or across network firewalls. A 6th plugin has been added to the scan template: 156014 - Apache Log4Shell - CVE-2021-44228 [direct check DNS query] a direct check similar to PluginID: 155998 but designed to work on T.io cloud scanners and restrictive networks. Target Release Date Immediate Tenable Research Release Highlights are posted in advance of significant new releases or updates to existing plugins or audit files that are important for early customer notification.Scanning with Nessus DCOM Hardening Tenable is updating...
Scanning with Nessus DCOM Hardening Tenable is updating Nessus plugins libraries to allow customers to harden their servers against a Microsoft DCOM authentication bypass vulnerability without impacting scan coverage. In June of this year (2021), Microsoft published KB5004442 in response to CVE-2021-26414, an authentication bypass vulnerability in Windows DCOM components. Microsoft’s knowledge base article describes upcoming changes to the default DCOM authentication level and how users can protect themselves from this vulnerability using a new Windows registry value. Tenable is upgrading the authentication level used by DCOM based plugins so that they will work when targeting servers that are hardened to protect against CVE-2021-26414. With this change, these plugins will continue to work after the default DCOM authentication level has changed. Potential Impacts: Customers may experience slightly longer scan times against Windows targets. Our tests indicate that for these targets, scans may take a little over 2% longer. Only plugins that use WMI for vulnerability detection or to gather information about the host or the scan will be affected. This change will also have a minimal effect on Windows malware scanning. Tenable Plugins Plugin ID Script Name ================================================================================ 69556 Active Directory - Enumerate User Account Policy 60023 ActiveSync Data Collect 150713 Adobe Premiere Elements Installed (Windows) 90427 Amazon Web Services EC2 Instance Metadata Enumeration (Windows) 141262 Apache HTTP Server Installed (Windows) 34096 BIOS Info (WMI) 136761 BitDefender Endpoint Security Tools Detection (Windows) 140578 CBS Removed Package Enumeration (Windows Event Log Tool) 24270 Computer Manufacturer Information (WMI) 24282 Data Execution Prevention (DEP) is Disabled 152357 Detect Unmanaged Software Install Location (Windows) 55472 Device Hostname 139785 DISM Package List (Windows) 71246 Enumerate Local Group Memberships 72684 Enumerate Users via WMI 108711 ESXi Detection via VMWare Tools CMD execution 52668 F-Secure Anti-Virus Detection and Status 138853 F-Secure PSB Computer Protection (Windows) 99170 Google Cloud Platform Compute Engine Instance Metadata Enumeration (Windows) 102992 Intel Active Management Technology (AMT) detection 118238 JAR File Detection for Windows 148499 Java Detection and Identification (Windows) 143590 JFrog Artifactory Installed (Windows) 56467 Last Boot Time (WMI) 24871 Logical Drive Insecure Filesystem Enumeration (WMI) 59275 Malicious Process Detection 87955 McAfee Agent Detection 87923 McAfee Application Control / Change Control Installed 148846 McAfee MVISION Endpoint Security Installed (Windows) 100131 McAfee Security Scan Plus Detection 99172 Microsoft Azure Instance Metadata Enumeration (Windows) 51902 Microsoft System Center Configuration Manager Database Information 137565 Microsoft Windows 7 / Server 2008 R2 ESU Status Check 92370 Microsoft Windows ARP Table 70625 Microsoft Windows AutoRuns Scheduled Tasks 92375 Microsoft Windows Current Sessions 92377 Microsoft Windows Current Users Last Password Change 92371 Microsoft Windows DNS Cache 92372 Microsoft Windows NetBIOS over TCP/IP Info 70329 Microsoft Windows Process Information 70331 Microsoft Windows Process Module Information 70330 Microsoft Windows Process Unique Process Name 34252 Microsoft Windows Remote Listeners Enumeration (WMI) 92373 Microsoft Windows SMB Sessions 40477 Modem Enumeration (WMI) 147021 MySQL Server Installed (Windows) 34220 Netstat Portscanner (WMI) 24272 Network Interfaces Enumeration (WMI) 142481 NVIDIA CUDA Toolkit Installed (Windows) 123686 Oracle Glassfish Installed (Windows) 124651 Oracle Java File Detection for Windows (deprecated) 124175 Oracle MySQL Connectors Installed (Windows) 148845 Palo Alto Cortex XDR Agent Installed (Windows) 57030 Patch Management: Missing updates from SCCM 73636 Patch Management: SCCM Computer Info Initialization 58186 Patch Management: SCCM Report 57029 Patch Management: SCCM Server Settings 146386 PsTools File Detection for Windows 97666 Siemens SIMATIC Logon Authentication Bypass 97667 Siemens SIMATIC Logon Detection 124650 Slack Installed (Windows) 55438 SMB : Disable the C$ and ADMIN$ shares after the scan (WMI) 55437 SMB : Enable the C$ and ADMIN$ shares during the scan (WMI) 42897 SMB Registry : Start the Registry Service during the scan (WMI) 42898 SMB Registry : Stop the Registry Service after the scan (WMI) 24271 SMB Shares File Enumeration (via WMI) 134050 Spring Projects Windows Detection 144455 Start disabled Server Service during the scan (WMI) 144456 Stop the Server Service after the scan (WMI) 50658 Stuxnet Worm Detection (uncredentialed check) 118226 Super Micro Detection (Windows) 101160 Telerik UI for ASP.NET AJAX Installed 24274 USB Drives Enumeration (WMI) 133843 VMware Carbon Black Cloud Endpoint Standard Installed (Windows) 48337 Windows ComputerSystemProduct Enumeration (WMI) 100994 Windows Credential Guard Disabled 131023 Windows Defender Installed 72482 Windows Display Driver Enumeration 24273 Windows OS Not Activated (WMI) 63619 Windows OS Partial Product Key (WMI) 139239 Windows Security Feature Bypass in Secure Boot (BootHole) 152100 Windows SeriousSAM HiveNightmare Registry Read Vulnerability 85736 Windows Store Application Enumeration 25197 Windows Wireless SSID (WMI) 45050 WMI Anti-spyware Enumeration 45051 WMI Antivirus Enumeration 24269 WMI Available 43830 WMI Bluetooth Network Adapter Enumeration 73437 WMI EMET Configuration Enumeration 51187 WMI Encryptable Volume Enumeration 45052 WMI Firewall Enumeration 61797 WMI Firewall Rule Enumeration 71637 WMI IIS ISAPI Extension Enumeration 135860 WMI Not Available 52001 WMI QuickFixEngineering (QFE) Enumeration 51186 WMI Trusted Platform Module Enumeration 44871 WMI Windows Feature Enumeration Target Release Date Immediate
