Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA48845
HistoryApr 11, 2023 - 12:00 a.m.

KLA48845 Multiple vulnerabilities in Microsoft Windows

2023-04-1100:00:00
Kaspersky Lab
threats.kaspersky.com
129
microsoft windows
vulnerabilities
sensitive information
arbitrary code
denial of service
privileges
security restrictions
public exploits
windows 10
windows 11
windows server
kb updates
windows update
control panel
cve-2023.

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.956 High

EPSS

Percentile

99.4%

JSON

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, cause denial of service, obtain sensitive information, spoof user interface, bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
  2. A remote code execution vulnerability in Windows DNS Server can be exploited remotely to execute arbitrary code.
  3. A denial of service vulnerability in Windows Kernel can be exploited remotely to cause denial of service.
  4. An information disclosure vulnerability in Remote Desktop Protocol Client can be exploited remotely to obtain sensitive information.
  5. A spoofing vulnerability in Windows can be exploited remotely to spoof user interface.
  6. A remote code execution vulnerability in Windows Network Load Balancing can be exploited remotely to execute arbitrary code.
  7. A remote code execution vulnerability in Windows Internet Key Exchange (IKE) Protocol Extensions can be exploited remotely to execute arbitrary code.
  8. A remote code execution vulnerability in Windows Pragmatic General Multicast (PGM) can be exploited remotely to execute arbitrary code.
  9. An elevation of privilege vulnerability in Windows Kerberos can be exploited remotely to gain privileges.
  10. An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely to gain privileges.
  11. An elevation of privilege vulnerability in Windows Ancillary Function Driver for WinSock can be exploited remotely to gain privileges.
  12. A denial of service vulnerability in Windows Secure Channel can be exploited remotely to cause denial of service.
  13. An elevation of privilege vulnerability in Windows CNG Key Isolation Service can be exploited remotely to gain privileges.
  14. A remote code execution vulnerability in DHCP Server Service can be exploited remotely to execute arbitrary code.
  15. A remote code execution vulnerability in Windows Point-to-Point Tunneling Protocol can be exploited remotely to execute arbitrary code.
  16. A remote code execution vulnerability in Layer 2 Tunneling Protocol can be exploited remotely to execute arbitrary code.
  17. A remote code execution vulnerability in Microsoft WDAC OLE DB provider for SQL Server can be exploited remotely to execute arbitrary code.
  18. A remote code execution vulnerability in Microsoft Message Queuing can be exploited remotely to execute arbitrary code.
  19. An information disclosure vulnerability in Windows Kernel Memory can be exploited remotely to obtain sensitive information.
  20. An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely to gain privileges.
  21. An information disclosure vulnerability in Windows Kernel can be exploited remotely to obtain sensitive information.
  22. An elevation of privilege vulnerability in Netlogon RPC can be exploited remotely to gain privileges.
  23. A denial of service vulnerability in Windows Secure Socket Tunneling Protocol (SSTP) can be exploited remotely to cause denial of service.
  24. A denial of service vulnerability in Windows Network Address Translation (NAT) can be exploited remotely to cause denial of service.
  25. An elevation of privilege vulnerability in Windows Advanced Local Procedure Call (ALPC) can be exploited remotely to gain privileges.
  26. A denial of service vulnerability in Microsoft Message Queuing can be exploited remotely to cause denial of service.
  27. A remote code execution vulnerability in Windows Bluetooth Driver can be exploited remotely to execute arbitrary code.
  28. A security feature bypass vulnerability in Windows Group Policy can be exploited remotely to bypass security restrictions.
  29. A remote code execution vulnerability in Remote Procedure Call Runtime can be exploited remotely to execute arbitrary code.
  30. A remote code execution vulnerability in Windows Domain Name Service can be exploited remotely to execute arbitrary code.
  31. An information disclosure vulnerability in Windows Common Log File System Driver can be exploited remotely to obtain sensitive information.
  32. An information disclosure vulnerability in Remote Procedure Call Runtime can be exploited remotely to obtain sensitive information.
  33. A remote code execution vulnerability in Microsoft PostScript and PCL6 Class Printer Driver can be exploited remotely to execute arbitrary code.
  34. An information disclosure vulnerability in Microsoft PostScript and PCL6 Class Printer Driver can be exploited remotely to obtain sensitive information.
  35. An elevation of privilege vulnerability in Windows Win32k can be exploited remotely to gain privileges.
  36. An elevation of privilege vulnerability in Windows Error Reporting Service can be exploited remotely to gain privileges.
  37. A security feature bypass vulnerability in Windows Boot Manager can be exploited remotely to bypass security restrictions.
  38. A remote code execution vulnerability in Windows Kernel can be exploited remotely to execute arbitrary code.
  39. An elevation of privilege vulnerability in Windows NTLM can be exploited remotely to gain privileges.
  40. An elevation of privilege vulnerability in Windows Registry can be exploited remotely to gain privileges.
  41. An elevation of privilege vulnerability in Win32k can be exploited remotely to gain privileges.
  42. An elevation of privilege vulnerability in Windows Clip Service can be exploited remotely to gain privileges.
  43. An information disclosure vulnerability in Windows DNS Server can be exploited remotely to obtain sensitive information.
  44. A security feature bypass vulnerability in Windows Enroll Engine can be exploited remotely to bypass security restrictions.
  45. A remote code execution vulnerability in Raw Image Extension can be exploited remotely to execute arbitrary code.
  46. A security feature bypass vulnerability in Windows Lock Screen can be exploited remotely to bypass security restrictions.
  47. A remote code execution vulnerability in Windows Point-to-Point Protocol over Ethernet (PPPoE) can be exploited remotely to execute arbitrary code.
  48. An elevation of privilege vulnerability in Windows Remote Procedure Call Service (RPCSS) can be exploited remotely to gain privileges.
  49. An information disclosure vulnerability in Windows Network File System can be exploited remotely to obtain sensitive information.

Original advisories

CVE-2023-28267

CVE-2023-24887

CVE-2023-24883

CVE-2023-28233

CVE-2023-28243

CVE-2023-28244

CVE-2023-28308

CVE-2023-28274

CVE-2023-28221

CVE-2023-28218

CVE-2023-28229

CVE-2023-28249

CVE-2023-28266

CVE-2023-28293

CVE-2023-28231

CVE-2023-24886

CVE-2023-24929

CVE-2023-28237

CVE-2023-28219

CVE-2023-28225

CVE-2023-28275

CVE-2023-28248

CVE-2023-24912

CVE-2023-28236

CVE-2023-28255

CVE-2023-28217

CVE-2023-28216

CVE-2023-24928

CVE-2023-28302

CVE-2023-28227

CVE-2023-28276

CVE-2023-21727

CVE-2023-28307

CVE-2023-28234

CVE-2023-24925

CVE-2023-28223

CVE-2023-28246

CVE-2023-24914

CVE-2023-21729

CVE-2023-21769

CVE-2023-28272

CVE-2023-28306

CVE-2023-28298

CVE-2023-28273

CVE-2023-28269

CVE-2023-28228

CVE-2023-28240

CVE-2023-28238

CVE-2023-28250

CVE-2023-28252

CVE-2023-24931

CVE-2023-28277

CVE-2023-28226

CVE-2023-28232

CVE-2023-28291

CVE-2023-21554

CVE-2023-28271

CVE-2023-28253

CVE-2023-28254

CVE-2023-28268

CVE-2023-28270

CVE-2023-24924

CVE-2023-28305

CVE-2023-28241

CVE-2023-28256

CVE-2023-28235

CVE-2023-28278

CVE-2023-28224

CVE-2023-28222

CVE-2023-24885

CVE-2023-28292

CVE-2023-24927

CVE-2023-24884

CVE-2023-28220

CVE-2023-28297

CVE-2023-28247

CVE-2023-24926

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-Windows

Microsoft-Windows-Server

Microsoft-Windows-10

Microsoft-Windows-Server-2016

Microsoft-Windows-Server-2019

Microsoft-Windows-11

Microsoft-Remote-Desktop

CVE list

CVE-2023-28272 critical

CVE-2023-28306 high

CVE-2023-28298 high

CVE-2023-28267 high

CVE-2023-28228 high

CVE-2023-28240 critical

CVE-2023-28238 critical

CVE-2023-28250 critical

CVE-2023-28308 high

CVE-2023-28244 critical

CVE-2023-28252 critical

CVE-2023-28218 high

CVE-2023-24931 critical

CVE-2023-28229 high

CVE-2023-28293 critical

CVE-2023-28231 critical

CVE-2023-28232 critical

CVE-2023-28219 critical

CVE-2023-28275 critical

CVE-2023-21554 critical

CVE-2023-28271 high

CVE-2023-24912 critical

CVE-2023-28254 high

CVE-2023-28253 high

CVE-2023-28268 critical

CVE-2023-28255 high

CVE-2023-28305 high

CVE-2023-28241 critical

CVE-2023-28217 critical

CVE-2023-28216 high

CVE-2023-28302 critical

CVE-2023-28227 critical

CVE-2023-28256 high

CVE-2023-28278 high

CVE-2023-28276 warning

CVE-2023-21727 critical

CVE-2023-28222 high

CVE-2023-28307 high

CVE-2023-28220 critical

CVE-2023-28223 high

CVE-2023-28266 high

CVE-2023-21729 high

CVE-2023-21769 critical

CVE-2023-24887 critical

CVE-2023-24883 high

CVE-2023-28233 critical

CVE-2023-28243 critical

CVE-2023-28274 critical

CVE-2023-28221 high

CVE-2023-28249 high

CVE-2023-24886 critical

CVE-2023-24929 critical

CVE-2023-28237 critical

CVE-2023-28225 critical

CVE-2023-28248 critical

CVE-2023-28236 critical

CVE-2023-24928 critical

CVE-2023-28234 critical

CVE-2023-24925 critical

CVE-2023-28246 critical

CVE-2023-24914 high

CVE-2023-28273 high

CVE-2023-28269 high

CVE-2023-28277 warning

CVE-2023-28226 high

CVE-2023-28291 critical

CVE-2023-28270 high

CVE-2023-24924 critical

CVE-2023-28235 high

CVE-2023-28224 high

CVE-2023-24885 critical

CVE-2023-28292 critical

CVE-2023-24927 critical

CVE-2023-24884 critical

CVE-2023-28297 critical

CVE-2023-28247 critical

CVE-2023-24926 critical

KB list

5022287

5022291

5022286

5022297

5022303

5022289

5022282

5025224

5025230

5025229

5025239

5025221

5025228

5025234

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

  • SUI

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.

Affected Products

  • Windows 10 Version 22H2 for 32-bit SystemsWindows 10 for x64-based SystemsWindows Server 2016 (Server Core installation)Windows 10 Version 21H2 for 32-bit SystemsWindows 10 Version 1809 for 32-bit SystemsWindows 10 Version 1607 for x64-based SystemsWindows 10 Version 22H2 for x64-based SystemsWindows 11 Version 22H2 for x64-based SystemsWindows 10 Version 1809 for x64-based SystemsWindows Server 2022 (Server Core installation)Windows 11 version 21H2 for x64-based SystemsWindows Server 2022Windows 10 Version 21H2 for ARM64-based SystemsWindows 10 for 32-bit SystemsWindows Server 2016Windows Server 2019Windows 10 Version 21H2 for x64-based SystemsWindows 10 Version 20H2 for 32-bit SystemsWindows 10 Version 20H2 for ARM64-based SystemsWindows 10 Version 1607 for 32-bit SystemsWindows 11 Version 22H2 for ARM64-based SystemsWindows 10 Version 1809 for ARM64-based SystemsRaw Image ExtensionWindows 10 Version 22H2 for ARM64-based SystemsWindows 11 version 21H2 for ARM64-based SystemsWindows Server 2019 (Server Core installation)Remote Desktop client for Windows Desktop

References

Related

nessus 12
openvas 8
mskb 15
kaspersky 1
qualysblog 1
avleonov 1
rapid7blog 1
talosblog 1
wizblog 1
krebs 1
thn 1
malwarebytes 1
cve 27
vulnrichment 8
nvd 25
cvelist 26
prion 29
mscve 31
cnvd 4
zdi 1
zdt 1
githubexploit 1
cisa_kev 1
attackerkb 1
nessus
nessus
KB5025221: Windows 10 Version 20H2 / Windows 10 Version 21H2 / Windows 10 Version 22H2 Security Update (April 2023)
2023-04-11 00:00:00
KB5025229: Windows 10 version 1809 / Windows Server 2019 Security Update (April 2023)
2023-04-11 00:00:00
KB5025228: Windows 10 Version 1607 and Windows Server 2016 Security Update (April 2023)
2023-04-11 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB5025285)
2023-04-12 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5025221)
2023-04-12 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5025228)
2023-04-12 00:00:00
mskb
mskb
April 11, 2023—KB5025239 (OS Build 22621.1555)
2023-04-11 07:00:00
April 11, 2023—KB5025234 (OS Build 10240.19869)
2023-04-11 07:00:00
April 11, 2023—KB5025230 (OS Build 20348.1668)
2023-04-11 07:00:00
kaspersky
kaspersky
KLA48842 Multiple vulnerabilities in Microsoft Products (ESU)
2023-04-11 00:00:00
qualysblog
qualysblog
Microsoft and Adobe Patch Tuesday April 2023 Security Update Review
2023-04-12 00:16:25
avleonov
avleonov
Microsoft Patch Tuesday April 2023: CLFS EoP, Word RCE, MSMQ QueueJumper RCE, PCL6, DNS, DHCP
2023-04-27 22:03:04
rapid7blog
rapid7blog
Patch Tuesday - April 2023
2023-04-11 22:49:56
talosblog
talosblog
Microsoft Patch Tuesday for April 2023 — Snort rules and prominent vulnerabilities
2023-04-11 19:28:27
wizblog
wizblog
Microsoft April 2023 Patch Tuesday Highlights: everything you need to know
2023-04-13 19:20:20
krebs
krebs
Microsoft (& Apple) Patch Tuesday, April 2023 Edition
2023-04-12 00:06:51
thn
thn
Urgent: Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit
2023-04-12 06:38:00
malwarebytes
malwarebytes
Update now! April’s Patch Tuesday includes a fix for one zero-day
2023-04-12 10:00:00
cve
cve
CVE-2023-28292
2023-04-11 21:15:27
CVE-2023-28291
2023-04-11 21:15:27
CVE-2023-21769
2023-04-11 21:15:17
vulnrichment
vulnrichment
CVE-2023-28292 Raw Image Extension Remote Code Execution Vulnerability
2023-04-11 19:13:19
CVE-2023-28226 Windows Enroll Engine Security Feature Bypass Vulnerability
2023-04-11 19:13:35
CVE-2023-28277 Windows DNS Server Information Disclosure Vulnerability
2023-04-11 19:13:54
nvd
nvd
CVE-2023-28223
2023-04-11 21:15:22
CVE-2023-28291
2023-04-11 21:15:27
CVE-2023-24914
2023-04-11 21:15:19
cvelist
cvelist
CVE-2023-28291 Raw Image Extension Remote Code Execution Vulnerability
2023-04-11 19:13:18
CVE-2023-28297 Windows Remote Procedure Call Service (RPCSS) Elevation of Privilege Vulnerability
2023-04-11 19:13:20
CVE-2023-28234 Windows Secure Channel Denial of Service Vulnerability
2023-04-11 19:13:39
prion
prion
Privilege escalation
2023-04-11 21:15:00
Remote code execution
2023-04-11 21:15:00
Remote code execution
2023-04-11 21:15:00
mscve
mscve
Windows NTLM Elevation of Privilege Vulnerability
2023-04-11 07:00:00
Raw Image Extension Remote Code Execution Vulnerability
2023-04-11 07:00:00
Microsoft Message Queuing Denial of Service Vulnerability
2023-04-11 07:00:00
cnvd
cnvd
Microsoft Windows DNS Remote Code Execution Vulnerability
2023-04-13 00:00:00
Microsoft Windows DNS Remote Code Execution Vulnerability (CNVD-2023-44303)
2023-04-13 00:00:00
Microsoft Windows DNS Remote Code Execution Vulnerability (CNVD-2023-44304)
2023-04-13 00:00:00
zdi
zdi
Microsoft Windows Bluetooth BNEP Protocol Out-Of-Bounds Write Remote Code Execution Vulnerability
2023-04-11 00:00:00
zdt
zdt
Windows 11 22h2 - Kernel Privilege Elevation Exploit
2023-06-26 00:00:00
githubexploit
githubexploit
Exploit for Sensitive Data Storage in Improperly Locked Memory in Microsoft
2023-09-04 07:48:13
cisa_kev
cisa_kev
Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability
2023-10-04 00:00:00
attackerkb
attackerkb
CVE-2023-28229
2023-04-11 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.956 High

EPSS

Percentile

99.4%

JSON
Related for KLA48845
nessus12openvas8mskb15kaspersky1qualysblog1avleonov1rapid7blog1talosblog1wizblog1krebs1thn1malwarebytes1cve27vulnrichment8nvd25cvelist26prion29mscve31cnvd4zdi1zdt1githubexploit1cisa_kev1attackerkb1