KLA20154 Multiple vulnerabilities in Microsoft Windows

2023-01-10 00:00:00
Kaspersky Lab
threats.kaspersky.com
CVSS3: 8.8 High

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: REQUIRED
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 9.7 High (Confidence: High)

EPSS: 0.113 Low (Percentile: 95.2%)

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, obtain sensitive information, execute arbitrary code, and bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. A denial of service vulnerability in Windows Layer 2 Tunneling Protocol (L2TP) can be exploited remotely to cause denial of service.
  2. An elevation of privilege vulnerability in Microsoft Cryptographic Services can be exploited remotely to gain privileges.
  3. An information disclosure vulnerability in Windows Overlay Filter can be exploited remotely to obtain sensitive information.
  4. A remote code execution vulnerability in Windows Layer 2 Tunneling Protocol (L2TP) can be exploited remotely to execute arbitrary code.
  5. An elevation of privilege vulnerability in Windows GDI can be exploited remotely to gain privileges.
  6. An information disclosure vulnerability in Windows Cryptographic can be exploited remotely to obtain sensitive information.
  7. A remote code execution vulnerability in Windows Lightweight Directory Access Protocol (LDAP) can be exploited remotely to execute arbitrary code.
  8. A denial of service vulnerability in Windows Internet Key Exchange (IKE) Extension can be exploited remotely to cause denial of service.
  9. A security feature bypass vulnerability in BitLocker can be exploited remotely to bypass security restrictions.
  10. A denial of service vulnerability in Windows iSCSI Service can be exploited remotely to cause denial of service.
  11. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
  12. A denial of service vulnerability in Windows Netlogon can be exploited remotely to cause denial of service.
  13. An elevation of privilege vulnerability in Windows NTLM can be exploited remotely to gain privileges.
  14. A remote code execution vulnerability in Microsoft ODBC Driver can be exploited remotely to execute arbitrary code.
  15. A remote code execution vulnerability in Windows Secure Socket Tunneling Protocol (SSTP) can be exploited remotely to execute arbitrary code.
  16. An information disclosure vulnerability in Event Tracing for Windows can be exploited remotely to obtain sensitive information.
  17. An elevation of privilege vulnerability in Microsoft DWM Core Library can be exploited remotely to gain privileges.
  18. An elevation of privilege vulnerability in Windows SMB Witness Service can be exploited remotely to gain privileges.
  19. A security feature bypass vulnerability in Windows Boot Manager can be exploited remotely to bypass security restrictions.
  20. A denial of service vulnerability in Windows Lightweight Directory Access Protocol (LDAP) can be exploited remotely to cause denial of service.
  21. A security feature bypass vulnerability in Windows Smart Card Resource Management Server can be exploited remotely to bypass security restrictions.
  22. An elevation of privilege vulnerability in Windows Bluetooth Driver can be exploited remotely to gain privileges.
  23. An elevation of privilege vulnerability in Windows Win32k can be exploited remotely to gain privileges.
  24. An elevation of privilege vulnerability in Windows Error Reporting Service can be exploited remotely to gain privileges.
  25. A remote code execution vulnerability in Microsoft WDAC OLE DB provider for SQL Server can be exploited remotely to execute arbitrary code.
  26. An elevation of privilege vulnerability in Windows Local Session Manager (LSM) can be exploited remotely to gain privileges.
  27. An elevation of privilege vulnerability in Windows Print Spooler can be exploited remotely to gain privileges.
  28. A denial of service vulnerability in Remote Procedure Call Runtime can be exploited remotely to cause denial of service.
  29. An elevation of privilege vulnerability in Windows Overlay Filter can be exploited remotely to gain privileges.
  30. An elevation of privilege vulnerability in Windows Advanced Local Procedure Call (ALPC) can be exploited remotely to gain privileges.
  31. An elevation of privilege vulnerability in Microsoft Message Queuing (MSMQ) can be exploited remotely to gain privileges.
  32. An elevation of privilege vulnerability in Windows Backup Service can be exploited remotely to gain privileges.
  33. An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges.
  34. An elevation of privilege vulnerability in Windows Bind Filter Driver can be exploited remotely to gain privileges.
  35. An information disclosure vulnerability in Windows Kernel can be exploited remotely to obtain sensitive information.
  36. An elevation of privilege vulnerability in Windows Credential Manager User Interface can be exploited remotely to gain privileges.
  37. An elevation of privilege vulnerability in Windows Task Scheduler can be exploited remotely to gain privileges.
  38. A remote code execution vulnerability in Windows Authentication can be exploited remotely to execute arbitrary code.
  39. An elevation of privilege vulnerability in Windows Local Security Authority (LSA) can be exploited remotely to gain privileges.
  40. An elevation of privilege vulnerability in Windows Ancillary Function Driver for WinSock can be exploited remotely to gain privileges.
  41. A denial of service vulnerability in Internet Key Exchange (IKE) Protocol can be exploited remotely to cause denial of service.
  42. An information disclosure vulnerability in Windows Point-to-Point Protocol (PPP) can be exploited remotely to obtain sensitive information.

Original advisories

CVE-2023-21757

CVE-2023-21730

CVE-2023-21766

CVE-2023-21555

CVE-2023-21532

CVE-2023-21550

CVE-2023-21676

CVE-2023-21758

CVE-2023-21563

CVE-2023-21527

CVE-2023-21772

CVE-2023-21754

CVE-2023-21728

CVE-2023-21679

CVE-2023-21746

CVE-2023-21749

CVE-2023-21732

CVE-2023-21535

CVE-2023-21536

CVE-2023-21774

CVE-2023-21724

CVE-2023-21556

CVE-2023-21559

CVE-2023-21549

CVE-2023-21552

CVE-2023-21683

CVE-2023-21560

CVE-2023-21557

CVE-2023-21759

CVE-2023-21739

CVE-2023-21753

CVE-2023-21680

CVE-2023-21773

CVE-2023-21558

CVE-2023-21681

CVE-2023-21771

CVE-2023-21546

CVE-2023-21765

CVE-2023-21525

CVE-2023-21767

CVE-2023-21674

CVE-2023-21537

CVE-2023-21675

CVE-2023-21760

CVE-2023-21750

CVE-2023-21551

CVE-2023-21548

CVE-2023-21752

CVE-2023-21542

CVE-2023-21733

CVE-2023-21543

CVE-2023-21776

CVE-2023-21726

CVE-2023-21677

CVE-2023-21541

CVE-2023-21561

CVE-2023-21747

CVE-2023-21748

CVE-2023-21539

CVE-2023-21524

CVE-2023-21678

CVE-2023-21768

CVE-2023-21547

CVE-2023-21755

CVE-2023-21540

CVE-2023-21682

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit.

Related products

Microsoft-Windows

Microsoft-Windows-Server

Microsoft-Windows-8

Windows-RT

Microsoft-Windows-10

Microsoft-Windows-Server-2016

Microsoft-Windows-Server-2019

Microsoft-Windows-11

CVE list

CVE-2023-21757 critical

CVE-2023-21730 critical

CVE-2023-21766 warning

CVE-2023-21555 critical

CVE-2023-21532 high

CVE-2023-21550 high

CVE-2023-21676 critical

CVE-2023-21758 critical

CVE-2023-21563 high

CVE-2023-21527 critical

CVE-2023-21772 critical

CVE-2023-21754 critical

CVE-2023-21728 critical

CVE-2023-21679 critical

CVE-2023-21746 critical

CVE-2023-21749 critical

CVE-2023-21732 critical

CVE-2023-21535 critical

CVE-2023-21536 warning

CVE-2023-21774 critical

CVE-2023-21724 critical

CVE-2023-21556 critical

CVE-2023-21559 high

CVE-2023-21549 critical

CVE-2023-21552 critical

CVE-2023-21683 critical

CVE-2023-21560 high

CVE-2023-21557 critical

CVE-2023-21759 warning

CVE-2023-21739 high

CVE-2023-21753 high

CVE-2023-21680 critical

CVE-2023-21773 critical

CVE-2023-21558 critical

CVE-2023-21681 critical

CVE-2023-21771 high

CVE-2023-21546 critical

CVE-2023-21765 critical

CVE-2023-21525 high

CVE-2023-21767 critical

CVE-2023-21674 critical

CVE-2023-21537 critical

CVE-2023-21675 critical

CVE-2023-21760 high

CVE-2023-21750 high

CVE-2023-21551 critical

CVE-2023-21548 critical

CVE-2023-21752 high

CVE-2023-21542 high

CVE-2023-21733 high

CVE-2023-21543 critical

CVE-2023-21776 high

CVE-2023-21726 critical

CVE-2023-21677 critical

CVE-2023-21541 critical

CVE-2023-21561 critical

CVE-2023-21747 critical

CVE-2023-21748 critical

CVE-2023-21539 critical

CVE-2023-21524 critical

CVE-2023-21678 critical

CVE-2023-21768 critical

CVE-2023-21547 critical

CVE-2023-21755 critical

CVE-2023-21540 high

CVE-2023-21682 high

KB list

5022287

5022291

5022286

5022297

5022352

5022303

5022346

5022289

5022282

Solution

Install the necessary updates from the KB list that are offered in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Impacts

  • ACE: Arbitrary code execution. Exploitation of vulnerabilities with this impact can allow an attacker to execute any code or commands on the vulnerable machine or in the vulnerable process.

  • OSI: Obtain sensitive information. Exploitation of vulnerabilities with this impact can allow an attacker to capture information that is critical for the user or system.

  • DoS: Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or a critical functional fault.

  • SB: Security bypass. Exploitation of vulnerabilities with this impact can allow actions that are restricted by the current security settings.

  • PE: Privilege escalation. Exploitation of vulnerabilities with this impact can allow an attacker to perform actions that are normally disallowed for the current role.

Affected Products

  • Windows 8.1 for x64-based systems
  • Windows Server 2022 (Server Core installation)
  • Windows 10 Version 21H2 for x64-based Systems
  • Windows 10 for x64-based Systems
  • Windows 10 Version 1607 for x64-based Systems
  • Windows 11 version 21H2 for ARM64-based Systems
  • Windows 10 Version 20H2 for 32-bit Systems
  • Windows 10 Version 20H2 for ARM64-based Systems
  • Windows 10 Version 21H2 for ARM64-based Systems
  • Windows 10 for 32-bit Systems
  • Windows 10 Version 1607 for 32-bit Systems
  • Windows 10 Version 22H2 for 32-bit Systems
  • Windows 10 Version 1809 for ARM64-based Systems
  • Windows 8.1 for 32-bit systems
  • Windows Server 2016 (Server Core installation)
  • Windows 11 Version 22H2 for x64-based Systems
  • Windows RT 8.1
  • Windows Server 2019
  • Windows 10 Version 22H2 for x64-based Systems
  • Windows 11 version 21H2 for x64-based Systems
  • Windows 10 Version 1809 for 32-bit Systems
  • Windows 10 Version 22H2 for ARM64-based Systems
  • Windows 10 Version 1809 for x64-based Systems
  • Windows Server 2016
  • Windows 10 Version 21H2 for 32-bit Systems
  • Windows Server 2022
  • Windows Server 2019 (Server Core installation)
  • Windows 11 Version 22H2 for ARM64-based Systems
