Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA12603
HistoryAug 09, 2022 - 12:00 a.m.

KLA12603 Multiple vulnerabilities in Microsoft Products (ESU)

2022-08-0900:00:00
Kaspersky Lab
threats.kaspersky.com
19

9.1 High

AI Score

Confidence

High

0.499 Medium

EPSS

Percentile

97.5%

JSON

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, execute arbitrary code, obtain sensitive information, bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. A denial of service vulnerability in Windows Local Security Authority (LSA) can be exploited remotely to cause denial of service.
  2. An elevation of privilege vulnerability in Windows Hyper-V can be exploited remotely to gain privileges.
  3. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
  4. A remote code execution vulnerability in Windows WebBrowser Control can be exploited remotely to execute arbitrary code.
  5. A remote code execution vulnerability in Windows Point-to-Point Protocol (PPP) can be exploited remotely to execute arbitrary code.
  6. A remote code execution vulnerability in Windows Secure Socket Tunneling Protocol (SSTP) can be exploited remotely to execute arbitrary code.
  7. A denial of service vulnerability in Windows Point-to-Point Protocol (PPP) can be exploited remotely to cause denial of service.
  8. An elevation of privilege vulnerability in Windows Error Reporting Service can be exploited remotely to gain privileges.
  9. An elevation of privilege vulnerability in Microsoft ATA Port Driver can be exploited remotely to gain privileges.
  10. An elevation of privilege vulnerability in Windows Print Spooler can be exploited remotely to gain privileges.
  11. A remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool (MSDT) can be exploited remotely to execute arbitrary code.
  12. An elevation of privilege vulnerability in Windows Fax Service can be exploited remotely to gain privileges.
  13. An elevation of privilege vulnerability in Win32k can be exploited remotely to gain privileges.
  14. An information disclosure vulnerability in Windows Kernel can be exploited remotely to obtain sensitive information.
  15. A denial of service vulnerability in Windows Secure Socket Tunneling Protocol (SSTP) can be exploited remotely to cause denial of service.
  16. An elevation of privilege vulnerability in Active Directory Domain Services can be exploited remotely to gain privileges.
  17. An elevation of privilege vulnerability in Windows Bluetooth Driver can be exploited remotely to gain privileges.
  18. An elevation of privilege vulnerability in Windows Local Security Authority (LSA) can be exploited remotely to gain privileges.
  19. An information disclosure vulnerability in Windows Kernel Memory can be exploited remotely to obtain sensitive information.
  20. An elevation of privilege vulnerability in Windows Kerberos can be exploited remotely to gain privileges.
  21. A denial of service vulnerability in HTTP.sys can be exploited remotely to cause denial of service.
  22. An elevation of privilege vulnerability in Unified Write Filter can be exploited remotely to gain privileges.
  23. An elevation of privilege vulnerability in Windows Digital Media Receiver can be exploited remotely to gain privileges.
  24. A remote code execution vulnerability in Windows Hyper-V can be exploited remotely to execute arbitrary code.
  25. An elevation of privilege vulnerability in Windows Partition Management Driver can be exploited remotely to gain privileges.
  26. A security vulnerability in Windows can be exploited remotely to bypass security restrictions.

Original advisories

CVE-2022-35759

CVE-2022-34690

CVE-2022-35745

CVE-2022-35750

CVE-2022-34708

CVE-2022-35753

CVE-2022-34691

CVE-2022-35751

CVE-2022-34701

CVE-2022-34707

CVE-2022-34713

CVE-2022-35820

CVE-2022-30194

CVE-2022-35744

CVE-2022-34706

CVE-2022-34714

CVE-2022-30133

CVE-2022-35758

CVE-2022-35767

CVE-2022-35769

CVE-2022-35795

CVE-2022-35760

CVE-2022-35768

CVE-2022-35752

CVE-2022-35793

CVE-2022-35747

CVE-2022-35743

CVE-2022-35756

CVE-2022-34702

CVE-2022-35748

CVE-2022-35754

CVE-2022-35755

CVE-2022-35749

CVE-2022-34696

CVE-2022-33670

CVE-2022-34302

CVE-2022-35746

CVE-2022-34301

CVE-2022-34303

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-Windows

Microsoft-Windows-Server

Microsoft-Windows-Server-2012

Microsoft-Windows-7

Microsoft-Windows-Server-2008

CVE list

CVE-2022-35759 high

CVE-2022-34303 high

CVE-2022-35751 critical

CVE-2022-34707 critical

CVE-2022-30194 critical

CVE-2022-35744 critical

CVE-2022-34714 critical

CVE-2022-34301 high

CVE-2022-35767 critical

CVE-2022-35769 critical

CVE-2022-35795 critical

CVE-2022-35760 critical

CVE-2022-35793 high

CVE-2022-35747 high

CVE-2022-35743 critical

CVE-2022-34702 critical

CVE-2022-34690 high

CVE-2022-35745 critical

CVE-2022-35750 critical

CVE-2022-34708 high

CVE-2022-35753 critical

CVE-2022-34701 critical

CVE-2022-34691 critical

CVE-2022-34302 high

CVE-2022-35746 critical

CVE-2022-34713 critical

CVE-2022-35820 critical

CVE-2022-34696 critical

CVE-2022-33670 critical

CVE-2022-34706 critical

CVE-2022-35754 high

CVE-2022-35748 critical

CVE-2022-30133 critical

CVE-2022-35758 high

CVE-2022-35755 high

CVE-2022-35749 critical

CVE-2022-35768 critical

CVE-2022-35752 critical

CVE-2022-35756 critical

KB list

5016672

5016683

5016684

5016681

5012170

5016686

5016669

5016679

5016676

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

  • Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Windows Server 2008 R2 for x64-based Systems Service Pack 1Windows 7 for x64-based Systems Service Pack 1Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Windows 7 for 32-bit Systems Service Pack 1Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2008 for 32-bit Systems Service Pack 2Windows Server 2008 for x64-based Systems Service Pack 2Windows Server 2012 (Server Core installation)Windows Server 2012 R2Windows Server 2012Windows Server 2012 R2 (Server Core installation)

References

Related

mskb 15
nessus 13
openvas 7
kaspersky 1
talosblog 2
cert 1
thn 1
redhat 1
oraclelinux 1
almalinux 1
osv 1
intel 1
krebs 1
avleonov 1
malwarebytes 1
qualysblog 2
rapid7blog 1
mscve 33
cvelist 34
prion 32
checkpoint_advisories 5
redhatcve 2
cve 34
zdi 8
mskb
mskb
August 9, 2022—KB5016684 (Security-only update)
2022-10-11 07:00:00
August 9, 2022—KB5016676 (Monthly Rollup)
2022-10-11 07:00:00
August 9, 2022—KB5016681 (Monthly Rollup)
2022-10-11 07:00:00
nessus
nessus
KB5016684: Windows Server 2012 Security Update (August 2022)
2022-08-09 00:00:00
KB5016679: Windows 7 and Windows Server 2008 R2 Security Update (August 2022)
2022-08-09 00:00:00
KB5016683: Windows 8.1 and Windows Server 2012 R2 Security Update (August 2022)
2022-08-09 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB5016681)
2022-08-10 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5016676)
2022-08-10 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5016639)
2022-08-10 00:00:00
kaspersky
kaspersky
KLA12602 Multiple vulnerabilities in Microsoft Windows
2022-08-09 00:00:00
talosblog
talosblog
Microsoft Patch Tuesday for August 2022 — Snort rules and prominent vulnerabilities
2022-08-09 20:44:00
Threat Source newsletter (Aug. 11, 2022) — All of the things-as-a-service
2022-08-11 18:00:00
cert
cert
Signed third party UEFI bootloaders are vulnerable to Secure Boot bypass
2022-08-11 00:00:00
thn
thn
Researchers Uncover UEFI Secure Boot Bypass in 3 Microsoft Signed Boot Loaders
2022-08-12 20:02:00
redhat
redhat
(RHSA-2023:2487) Moderate: fwupd security and bug fix update
2023-05-09 05:12:08
oraclelinux
oraclelinux
fwupd security and bug fix update
2023-05-15 00:00:00
almalinux
almalinux
Moderate: fwupd security and bug fix update
2023-05-09 00:00:00
osv
osv
Moderate: fwupd security and bug fix update
2023-05-09 00:00:00
intel
intel
Intel® NUC Firmware Advisory
2023-11-14 00:00:00
krebs
krebs
Microsoft Patch Tuesday, August 2022 Edition
2022-08-09 23:01:10
avleonov
avleonov
Microsoft Patch Tuesday August 2022: DogWalk, Exchange EOPs, 13 potentially dangerous, 2 funny, 3 mysterious vulnerabilities
2022-08-23 00:00:26
malwarebytes
malwarebytes
Update now! Microsoft fixes two zero-days in August's Patch Tuesday
2022-08-10 09:00:00
qualysblog
qualysblog
Introducing Qualys Threat Research Thursdays
2022-09-01 21:00:00
August 2022 Patch Tuesday | Microsoft Releases 121 Vulnerabilities with 17 Critical, plus 20 Microsoft Edge (Chromium-Based); Adobe Releases 5 Advisories, 25 Vulnerabilities with 15 Critical.
2022-08-09 20:00:00
rapid7blog
rapid7blog
Patch Tuesday - August 2022
2022-08-09 19:34:51
mscve
mscve
CERT/CC: CVE-2022-34302 New Horizon Data Systems Inc Boot Loader Bypass
2022-08-09 07:00:00
Unified Write Filter Elevation of Privilege Vulnerability
2022-08-09 07:00:00
Microsoft ATA Port Driver Elevation of Privilege Vulnerability
2022-08-09 07:00:00
cvelist
cvelist
CVE-2022-34696 Windows Hyper-V Remote Code Execution Vulnerability
2022-08-09 19:52:22
CVE-2022-35760 Microsoft ATA Port Driver Elevation of Privilege Vulnerability
2022-08-09 19:56:10
CVE-2022-35756 Windows Kerberos Elevation of Privilege Vulnerability
2023-05-31 18:07:07
prion
prion
Input validation
2022-08-26 18:15:00
Privilege escalation
2022-08-09 20:15:00
Privilege escalation
2022-08-09 20:15:00
checkpoint_advisories
checkpoint_advisories
Microsoft HTTP.sys Denial of Service (CVE-2022-35748)
2022-08-09 00:00:00
Microsoft Windows Kerberos Elevation of Privilege (CVE-2022-35756)
2022-08-09 00:00:00
Microsoft Win32k Elevation of Privilege (CVE-2022-35750)
2022-08-09 00:00:00
redhatcve
redhatcve
CVE-2022-34302
2022-08-23 14:41:30
CVE-2022-34303
2022-08-23 15:09:56
cve
cve
CVE-2022-35760
2022-08-09 20:15:11
CVE-2022-35756
2023-05-31 19:15:17
CVE-2022-34696
2022-08-09 20:15:10
zdi
zdi
(Pwn2Own) Microsoft Windows vhdmp Driver Improper Authorization Privilege Escalation Vulnerability
2022-08-18 00:00:00
(Pwn2Own) Microsoft Windows cdd Driver Memory Corruption Privilege Escalation Vulnerability
2022-08-18 00:00:00
(Pwn2Own) Microsoft Windows bthport Driver Improper Authorization Local Privilege Escalation Vulnerability
2022-08-18 00:00:00

9.1 High

AI Score

Confidence

High

0.499 Medium

EPSS

Percentile

97.5%

JSON
Related for KLA12603
mskb15nessus13openvas7kaspersky1talosblog2cert1thn1redhat1oraclelinux1almalinux1osv1intel1krebs1avleonov1malwarebytes1qualysblog2rapid7blog1mscve33cvelist34prion32checkpoint_advisories5redhatcve2cve34zdi8