Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11534
HistoryAug 13, 2019 - 12:00 a.m.

KLA11534 Multiple vulnerabilities in Microsoft Windows

2019-08-1300:00:00
Kaspersky Lab
threats.kaspersky.com
29

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.902 High

EPSS

Percentile

98.8%

JSON

Detect date:

08/13/2019

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, gain privileges, cause denial of service, spoof user interface, bypass security restrictions.

Exploitation:

Public exploits exist for this vulnerability.

Affected products:

Windows 10 Version 1903 for 32-bit Systems
Windows RT 8.1
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2019
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows Server 2012 R2 (Server Core installation)
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows Server 2012 (Server Core installation)
Windows 10 for x64-based Systems
Windows Server, version 1903 (Server Core installation)
Windows 10 Version 1709 for ARM64-based Systems
Windows 8.1 for x64-based systems
Windows Server 2012 R2
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows 10 Version 1903 for ARM64-based Systems
Windows 10 for 32-bit Systems
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows 10 Version 1703 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows 10 Version 1803 for x64-based Systems
Windows 8.1 for 32-bit systems
Windows Server 2016
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows Server 2012
Windows 10 Version 1903 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows 10 Version 1709 for 32-bit Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows 7 for x64-based Systems Service Pack 1
Microsoft Office 2019 for Mac
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2019 for 32-bit editions
Office 365 ProPlus for 32-bit Systems
Microsoft Office 2019 for 64-bit editions
Office 365 ProPlus for 64-bit Systems
Microsoft Office 2016 (64-bit edition)
Microsoft Office 2016 (32-bit edition)
Microsoft Office 2013 RT Service Pack 1
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Windows Server, version 1909 (Server Core installation)
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1709 for x64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server, version 1709 (Server Core Installation)
Windows Server 2016 (Server Core installation)
Windows Server, version 1803 (Server Core Installation)
Windows Server 2019 (Server Core installation)

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2019-1143
CVE-2019-0720
CVE-2019-1179
CVE-2019-1175
CVE-2019-1190
CVE-2019-0715
CVE-2019-1174
CVE-2019-1227
CVE-2019-0716
CVE-2019-1176
CVE-2019-1144
CVE-2019-9506
CVE-2019-9513
CVE-2019-1226
CVE-2019-1177
CVE-2019-1186
CVE-2019-9511
CVE-2019-1153
CVE-2019-1147
CVE-2019-1078
CVE-2019-1171
CVE-2019-0714
CVE-2019-1145
CVE-2019-9514
CVE-2019-1187
CVE-2019-1151
CVE-2019-9512
CVE-2019-1146
CVE-2019-1148
CVE-2019-1178
CVE-2019-1180
CVE-2019-1181
CVE-2019-1157
CVE-2019-1163
CVE-2019-0718
CVE-2019-1172
CVE-2019-1155
CVE-2019-0723
CVE-2019-1185
CVE-2019-1149
CVE-2019-1206
CVE-2019-1159
CVE-2019-1188
CVE-2019-1173
CVE-2019-1162
CVE-2019-1150
CVE-2019-1164
CVE-2019-9518
CVE-2019-1222
CVE-2019-1223
CVE-2019-1152
CVE-2019-1198
CVE-2019-1158
CVE-2019-1156
CVE-2019-1225
CVE-2019-1182
CVE-2019-1057
CVE-2019-1224
CVE-2019-0736
CVE-2019-1168
CVE-2019-0965
CVE-2019-0717
CVE-2019-1184
CVE-2019-1183
CVE-2019-1212
CVE-2019-1170
ADV190023

Impacts:

ACE

Related products:

Microsoft Office

CVE-IDS:

CVE-2019-11435.5High
CVE-2019-07208.4Critical
CVE-2019-11797.8Critical
CVE-2019-11757.8Critical
CVE-2019-11907.8Critical
CVE-2019-07156.2High
CVE-2019-11747.8Critical
CVE-2019-12275.5High
CVE-2019-07164.9Warning
CVE-2019-11767.8Critical
CVE-2019-11448.8Critical
CVE-2019-95068.1Critical
CVE-2019-95137.5Critical
CVE-2019-12269.8Critical
CVE-2019-11777.8Critical
CVE-2019-11867.8Critical
CVE-2019-95117.5Critical
CVE-2019-11535.5High
CVE-2019-11477.8Critical
CVE-2019-10785.5High
CVE-2019-11715.5High
CVE-2019-07146.2High
CVE-2019-11458.8Critical
CVE-2019-95147.5Critical
CVE-2019-11708.8Critical
CVE-2019-11877.5Critical
CVE-2019-11518.8Critical
CVE-2019-95127.5Critical
CVE-2019-11467.8Critical
CVE-2019-11485.5High
CVE-2019-11787.8Critical
CVE-2019-11807.8Critical
CVE-2019-11819.8Critical
CVE-2019-11577.8Critical
CVE-2019-11635.5High
CVE-2019-07186.2High
CVE-2019-11724.3Warning
CVE-2019-11557.8Critical
CVE-2019-07236.2High
CVE-2019-11857.8Critical
CVE-2019-11498.8Critical
CVE-2019-12067.5Critical
CVE-2019-11597.8Critical
CVE-2019-11887.8Critical
CVE-2019-11737.8Critical
CVE-2019-12127.5Critical
CVE-2019-11627.8Critical
CVE-2019-11508.8Critical
CVE-2019-11647.8Critical
CVE-2019-95187.5Critical
CVE-2019-12229.8Critical
CVE-2019-12237.5Critical
CVE-2019-11528.8Critical
CVE-2019-11987.3High
CVE-2019-11585.5High
CVE-2019-11838.8Critical
CVE-2019-11567.8Critical
CVE-2019-12257.5Critical
CVE-2019-11829.8Critical
CVE-2019-10578.8Critical
CVE-2019-12247.5Critical
CVE-2019-07369.8Critical
CVE-2019-11687.8Critical
CVE-2019-09658.4Critical
CVE-2019-07176.2High
CVE-2019-11847.8Critical

KB list:

4512516
4511553
4512501
4512497
4512517
4512488
4512508
4512507
4512489
4540673

Microsoft official advisories:

References

Related

mskb 15
openvas 21
nessus 28
kaspersky 1
prion 32
cve 34
qualysblog 2
talosblog 1
threatpost 2
huawei 1
thn 2
redhat 3
fedora 3
suse 2
cloudfoundry 1
ibm 33
nodejsblog 1
myhack58 1
almalinux 1
fortinet 1
oraclelinux 1
freebsd 1
osv 6
ubuntu 1
cert 1
debian 1
altlinux 2
rocky 1
mskb
mskb
August 13, 2019—KB4512482 (Security-only update)
2019-08-13 07:00:00
August 13, 2019—KB4512489 (Security-only update)
2019-08-13 07:00:00
August 13, 2019—KB4512488 (Monthly Rollup)
2019-08-13 07:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4511553)
2019-08-14 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4512516)
2019-08-14 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4512508)
2019-08-14 00:00:00
nessus
nessus
KB4511553: Windows 10 Version 1809 and Windows Server 2019 August 2019 Security Update
2019-08-13 00:00:00
KB4512482: Windows Server 2012 August 2019 Security Update
2019-08-13 00:00:00
KB4512497: Windows 10 August 2019 Security Update
2019-08-13 00:00:00
kaspersky
kaspersky
KLA11989 Multiple vulnerabilities in Microsoft Products (ESU)
2019-08-13 00:00:00
prion
prion
Privilege escalation
2019-08-14 21:15:00
Privilege escalation
2019-08-14 21:15:00
Privilege escalation
2019-08-14 21:15:00
cve
cve
CVE-2019-1180
2019-08-14 21:15:00
CVE-2019-1179
2019-08-14 21:15:00
CVE-2019-1174
2019-08-14 21:15:00
qualysblog
qualysblog
August 2019 Patch Tuesday – 93 Vulns, 29 Critical, 7 Remote Desktop Vulns, Hyper-V, DHCP, Adobe vulns
2019-08-13 18:49:51
Windows Remote Desktop Vulnerabilities (Seven Monkeys) – How to Detect and Patch
2019-08-13 23:58:15
talosblog
talosblog
Microsoft Patch Tuesday — Aug. 2019: Vulnerability disclosures and Snort coverage
2019-08-14 09:55:35
threatpost
threatpost
Shades of BlueKeep: Wormable Remote Desktop Bugs Top August Patch Tuesday List
2019-08-13 20:29:10
HTTP Bugs Open Websites to DoS Attacks
2019-08-15 19:20:38
huawei
huawei
Security Advisory - Four Remote Code Execution Vulnerabilities in Some Microsoft Windows Systems
2019-08-19 00:00:00
thn
thn
4 New BlueKeep-like 'Wormable' Windows Remote Desktop Flaws Discovered
2019-08-13 18:22:00
8 New HTTP/2 Implementation Flaws Expose Websites to DoS Attacks
2019-08-14 08:19:00
redhat
redhat
(RHSA-2019:2966) Important: Red Hat Quay v3.1.1 security update
2019-10-03 18:55:15
(RHSA-2019:2955) Important: rh-nodejs8-nodejs security update
2019-10-02 13:56:16
(RHSA-2019:2925) Important: nodejs:10 security update
2019-09-30 07:07:29
fedora
fedora
[SECURITY] Fedora 30 Update: nodejs-10.19.0-1.fc30
2020-02-23 01:09:36
[SECURITY] Fedora 30 Update: nodejs-10.16.3-1.fc30
2019-08-25 00:58:04
[SECURITY] Fedora 29 Update: nodejs-10.16.3-1.fc29
2019-08-25 03:04:17
suse
suse
Security update for nodejs8 (important)
2019-09-11 00:00:00
Security update for nodejs10 (important)
2019-09-11 00:00:00
cloudfoundry
cloudfoundry
Various HTTP2 CVEs: Some Cloud Foundry products are impacted by HTTP denial of service attacks | Cloud Foundry
2019-12-03 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js™ in IBM Cloud
2019-10-07 14:32:39
Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js vulnerabilities
2019-12-17 14:40:53
Security Bulletin: Version 8.15.0 of Node.js included in IBM Cloud Event Management 2.3.0 has several security vulnerabilities.
2019-10-18 05:05:02
nodejsblog
nodejsblog
August 2019 Security Releases
2019-08-16 00:00:00
myhack58
myhack58
HTTP/2 denial of service attack vulnerability alerts-a vulnerability alert-the black bar safety net
2019-08-14 00:00:00
almalinux
almalinux
Important: nodejs:10 security update
2019-09-30 07:07:29
fortinet
fortinet
HTTP/2 Multiple DoS Attacks (VU#605641)
2019-09-03 00:00:00
oraclelinux
oraclelinux
nodejs:10 security update
2019-09-30 00:00:00
freebsd
freebsd
Node.js -- multiple vulnerabilities
2019-08-16 00:00:00
osv
osv
netty vulnerabilities
2021-06-29 19:18:08
Important: nodejs:10 security update
2019-09-30 07:07:29
Important: nodejs:10 security update
2019-09-30 07:07:29
ubuntu
ubuntu
Netty vulnerabilities
2021-06-29 00:00:00
cert
cert
HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion
2019-08-13 00:00:00
debian
debian
[SECURITY] [DSA 4520-1] trafficserver security update
2019-09-09 20:44:25
altlinux
altlinux
Security fix for the ALT Linux 10 package node version 10.16.3-alt1
2019-08-30 00:00:00
Security fix for the ALT Linux 10 package kubernetes version 1.15.3-alt1
2019-09-26 00:00:00
rocky
rocky
nodejs:10 security update
2019-09-30 07:07:29

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.902 High

EPSS

Percentile

98.8%

JSON
Related for KLA11534
mskb15openvas21nessus28kaspersky1prion32cve34qualysblog2talosblog1threatpost2huawei1thn2redhat3fedora3suse2cloudfoundry1ibm33nodejsblog1myhack581almalinux1fortinet1oraclelinux1freebsd1osv6ubuntu1cert1debian1altlinux2rocky1