Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA10601
HistoryNov 11, 2014 - 12:00 a.m.

KLA10601 Multiple vulnerabilities in Microsoft products

2014-11-1100:00:00
Kaspersky Lab
threats.kaspersky.com
3669

8.7 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

JSON

Detect date:

11/11/2014

Severity:

Critical

Description:

Multiple serious vulnerabilities have been found in Microsoft products. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service gain privileges, execute arbitrary code or obtain sensitive information.

Affected products:

Windows XP Service pack 3
Windows XP Professional x64 Service Pack 3
Windows Server 2003 x86, x64, Itanium Service Pack 2
Windows Vista x86, x64 Service Pack 2
Windows Server 2008 x86, x64, Itanium Service Pack 2
Windows 7 x86, x64 Service Pack 1
Windows Server 2008 R2 x64, Itanium Service Pacl 1
Windows 8 x86, x64
Windows 8.1 x86, x64
Windows Server 2012
Windows Server 2012 R2
Windows RT
Windows RT 8.1

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2014-1816
CVE-2014-6532
CVE-2014-0266
CVE-2014-4076
CVE-2014-6321
CVE-2014-6322
CVE-2014-6324
CVE-2014-1767
CVE-2014-4077
CVE-2014-4074
CVE-2014-1807
CVE-2013-5065
CVE-2014-0300
CVE-2014-0323
CVE-2014-4971
CVE-2014-0301
CVE-2014-0262
CVE-2014-0263
CVE-2014-4115
CVE-2014-4113
CVE-2014-0315
CVE-2014-0316
CVE-2014-0317
CVE-2014-0255
CVE-2014-0318
CVE-2014-4118
CVE-2014-6352
CVE-2014-6332
CVE-2014-0296
CVE-2014-0256
CVE-2014-1811
CVE-2014-0254
CVE-2014-1819
CVE-2014-6355
CVE-2014-2780
CVE-2014-2781
CVE-2014-1812
CVE-2014-4064
CVE-2014-6318
CVE-2014-1814
CVE-2014-4060
CVE-2014-1824
CVE-2014-6317
CVE-2014-4114
CVE-2014-4148

Impacts:

ACE

Related products:

Microsoft Windows Vista

CVE-IDS:

CVE-2014-18164.3Warning
CVE-2014-65329.3Critical
CVE-2014-02667.1High
CVE-2014-40767.2High
CVE-2014-63224.3Warning
CVE-2014-63249.0Critical
CVE-2014-17677.2High
CVE-2014-40779.3Critical
CVE-2014-40747.2High
CVE-2014-18077.2High
CVE-2013-50657.2High
CVE-2014-03007.2High
CVE-2014-03236.6High
CVE-2014-49717.2High
CVE-2014-03019.3Critical
CVE-2014-02627.2High
CVE-2014-02639.3Critical
CVE-2014-41157.2High
CVE-2014-41137.2High
CVE-2014-03156.9High
CVE-2014-03167.5High
CVE-2014-03175.4High
CVE-2014-02555.0Warning
CVE-2014-03187.2High
CVE-2014-41189.3Critical
CVE-2014-63529.3Critical
CVE-2014-63329.3Critical
CVE-2014-02965.1High
CVE-2014-02565.0Warning
CVE-2014-18115.0Warning
CVE-2014-02547.8High
CVE-2014-18197.2High
CVE-2014-63555.0Warning
CVE-2014-27806.9High
CVE-2014-27817.6High
CVE-2014-18129.0Critical
CVE-2014-40644.9Warning
CVE-2014-63184.3Warning
CVE-2014-18147.2High
CVE-2014-40606.8High
CVE-2014-18249.3Critical
CVE-2014-63177.1High
CVE-2014-41149.3Critical
CVE-2014-41489.3Critical

Microsoft official advisories:

KB list:

2966631
2957482
2966061
2939576
2922229
2973201
2975689
2957189
3013126
2969259
2929961
3010788
2984615
2914368
3003743
3002885
2904659
2961858
3005607
2962490
2592687
2966034
2993958
2988948
2961072
2926765
2973932
2962123
2998579
2989935
2973906
2961899
2933826
2962478
2975685
2975684
2916036
2975681
2978742
2933528
2934418
2993254
2978668
2974286
2928120
2991963
2992611
3000869
3011443
2923392
2962488
2918614
2962485
2889913
2912390
2962486
2930275
2919355
2965788
2972280
2962073
2971850
2992719
2993651
3000061
2913602
2976897
2973408
3006226
3011780

Exploitation:

Public exploits exist for this vulnerability.

References

Related

securityvulns 6
thn 4
nessus 20
threatpost 6
mskb 8
openvas 20
packetstorm 18
checkpoint_advisories 15
attackerkb 4
fireeye 6
symantec 14
canvas 3
zdt 12
cve 12
prion 14
huawei 1
cisa_kev 3
f5 2
seebug 7
msrc 1
cert 3
metasploit 2
exploitpack 7
saint 6
vulnerlab 2
hackerone 1
exploitdb 1
kaspersky 1
securityvulns
securityvulns
Microsoft Windows multiple security vulnerabilities
2014-05-14 00:00:00
Microsoft Windows multiple security vulnerabilities
2014-03-18 00:00:00
Microsoft Windows security vulnerabilities
2014-01-15 00:00:00
thn
thn
Microsoft Patches 3 Zero-day Vulnerabilities actively being Exploited in the Wild
2014-10-15 01:14:00
Microsoft PowerPoint Vulnerable to Zero-Day Attack
2014-10-22 00:54:00
Microsoft Releases Emergency Out-of-Band Patch for Kerberos Bug MS14-068
2014-11-18 19:20:00
nessus
nessus
MS14-045: Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2984615)
2014-08-12 00:00:00
MS14-064: Vulnerabilities in Windows OLE Could Allow Remote Code Execution (3011443)
2014-11-11 00:00:00
MS14-015: Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2930275)
2014-03-11 00:00:00
threatpost
threatpost
Firms Detail Zero Days Targeting Windows Kernel
2014-10-15 14:58:13
November 2014 Microsoft Patch Tuesday Security Bulletins
2014-11-11 14:07:38
ThreatList: Exploit Kits Still a Top Web-based Threat
2018-07-02 18:32:00
mskb
mskb
MS14-045: Vulnerabilities in kernel-mode drivers could allow elevation of privilege: August 12, 2014
2014-08-12 00:00:00
MS14-064: Vulnerabilities in Windows OLE could allow remote code execution: November 11, 2014
2014-11-11 00:00:00
MS14-028: Vulnerabilities in iSCSI could allow denial of service: May 13, 2014
2014-05-13 00:00:00
openvas
openvas
Microsoft Windows Kernel-Mode Drivers Privilege Escalation Vulnerabilities (2984615)
2014-08-13 00:00:00
Microsoft Windows OLE Object Handling Code Execution Vulnerabilities (3011443)
2014-11-12 00:00:00
Microsoft Windows Kernel Privilege Escalation Vulnerabilities (2930275)
2014-03-12 00:00:00
packetstorm
packetstorm
MS14-064 Microsoft Windows OLE Package Manager Code Execution Through Python
2014-11-14 00:00:00
MS14-002 Windows NDProxy Privilege Escalation
2015-08-07 00:00:00
Microsoft Windows NDPROXY Local SYSTEM Privilege Escalation
2013-12-05 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows OLE Remote Code Execution (MS14-060; CVE-2014-4114; CVE-2014-6352)
2014-10-14 00:00:00
Microsoft Windows OLE Remote Code Execution (MS14-060) - ver 2 (CVE-2014-4114; CVE-2014-6352)
2014-10-19 00:00:00
Microsoft Windows Audio Service Elevation of Privilege (MS14-071; CVE-2014-6322)
2014-11-11 00:00:00
attackerkb
attackerkb
Microsoft Internet Explorer Use-After-Free Vulnerability
2014-10-15 00:00:00
CVE-2014-6324 - Microsoft Kerberos Checksum Validation Vulnerability
2014-11-18 00:00:00
CVE-2013-5065 Microsoft NDProxy.sys Privilege Escalation
2013-11-28 00:00:00
fireeye
fireeye
CARBANAK Week Part Two: Continuing the CARBANAK Source Code Analysis
2019-04-23 17:45:00
GongDa vs. Korean News
2016-03-18 08:30:00
GongDa vs. Korean News
2016-03-18 12:30:00
symantec
symantec
Microsoft Windows Kerberos Checksum CVE-2014-6324 Remote Privilege Escalation Vulnerability
2014-11-11 00:00:00
Microsoft Windows CVE-2014-6322 Remote Privilege Escalation Vulnerability
2014-11-11 00:00:00
Microsoft Windows Graphics Component CVE-2014-6355 Information Disclosure Vulnerability
2014-12-09 00:00:00
canvas
canvas
Immunity Canvas: MS14_068
2014-11-18 23:59:00
Immunity Canvas: MS14_064_IE_OLEAUT32
2014-11-11 22:55:00
Immunity Canvas: MQAC
2014-07-26 15:55:00
zdt
zdt
Windows Kerberos - Elevation of Privilege (MS14-068) Exploit
2014-12-09 00:00:00
The World Browser 3.0 Final - Remote Code Execution Exploit
2015-10-22 00:00:00
Internet Explorer OLE Automation Array Remote Code Execution Exploit
2014-11-13 00:00:00
cve
cve
CVE-2014-6322
2014-11-11 22:55:00
CVE-2014-6355
2014-12-11 00:59:00
CVE-2014-6324
2014-11-18 23:59:00
prion
prion
Design/Logic Flaw
2014-11-11 22:55:00
Code injection
2014-11-11 22:55:00
Information disclosure
2014-12-11 00:59:00
huawei
huawei
Security Advisory - Privilege Elevation Vulnerability in Microsoft Windows Kerberos Key Distribution Center
2020-09-09 00:00:00
cisa_kev
cisa_kev
Microsoft Kerberos Key Distribution Center (KDC) Privilege Escalation Vulnerability
2022-03-25 00:00:00
Microsoft Windows Object Linking & Embedding (OLE) Automation Array Remote Code Execution Vulnerability
2022-03-25 00:00:00
Microsoft Windows Code Injection Vulnerability
2022-02-25 00:00:00
f5
f5
SOL16128 - Microsoft Schannel vulnerability CVE-2014-6321
2015-02-12 00:00:00
K16128 : Microsoft Schannel vulnerability CVE-2014-6321
2015-02-12 00:00:00
seebug
seebug
ESKIMOROLL-ms14-068 Windows vulnerability in the Key Distribution Center (KDC) service (CVE-2014-6324)
2017-04-15 00:00:00
Windows NDPROXY - 本地权限提升漏洞(MS14-002)
2014-07-01 00:00:00
IE Godmode remote code execution vulnerability, CVE-2014-6332)
2017-03-06 00:00:00
msrc
msrc
Additional information about CVE-2014-6324
2014-11-18 08:00:00
cert
cert
Microsoft Windows Kerberos Key Distribution Center (KDC) fails to properly validate Privilege Attribute Certificate (PAC) signature
2014-11-18 00:00:00
Microsoft Windows Object Linking and Embedding (OLE) OleAut32 library SafeArrayRedim function vulnerable to remote code execution via Internet Explorer
2014-11-13 00:00:00
Microsoft Secure Channel (Schannel) vulnerable to remote code execution via specially crafted packets
2014-11-13 00:00:00
metasploit
metasploit
MS14-068 Microsoft Kerberos Checksum Validation Vulnerability
2014-12-22 20:29:02
MS14-064 Microsoft Internet Explorer Windows OLE Automation Array Remote Code Execution
2014-11-24 07:25:18
exploitpack
exploitpack
Microsoft Windows - NDPROXY SYSTEM Privilege Escalation (MS14-002)
2013-12-03 00:00:00
Microsoft Internet Explorer 11 - OLE Automation Array Remote Code Execution (1)
2014-11-13 00:00:00
Microsoft Office 20072010 - OLE Arbitrary Command Execution
2014-11-12 00:00:00
saint
saint
Windows OLE Automation Array command execution
2014-11-17 00:00:00
Windows OLE Automation Array command execution
2014-11-17 00:00:00
Windows OLE Automation Array command execution
2014-11-17 00:00:00
vulnerlab
vulnerlab
MS HTA (HTML Application) - Code Execution (MS14-064)
2015-08-15 00:00:00
MS HTA (HTML Application) - Code Execution (MS14-064)
2015-08-15 00:00:00
hackerone
hackerone
Sandbox Escape: Win32k Window Handle Vulnerability (EoP)
2014-01-14 00:00:00
exploitdb
exploitdb
IBM Security AppScan Standard 9.0.2 - OLE Automation Array Remote Code Execution
2015-06-01 00:00:00
kaspersky
kaspersky
KLA10013 OSI vulnerability in multiple Microsoft XML Core Services
2014-06-10 00:00:00

8.7 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

JSON
Related for KLA10601
securityvulns6thn4nessus20threatpost6mskb8openvas20packetstorm18checkpoint_advisories15attackerkb4fireeye6symantec14canvas3zdt12cve12prion14huawei1cisa_kev3f52seebug7msrc1cert3metasploit2exploitpack7saint6vulnerlab2hackerone1exploitdb1kaspersky1