Lucene search

K
kasperskyKaspersky LabKLA11608
HistoryNov 12, 2019 - 12:00 a.m.

KLA11608 Multiple vulnerabilities in Microsoft Windows

2019-11-1200:00:00
Kaspersky Lab
threats.kaspersky.com
124

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

9.8

Confidence

Low

EPSS

0.115

Percentile

95.3%

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, cause denial of service, bypass security restrictions, execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges;
  2. An information disclosure vulnerability in DirectWrite can be exploited remotely via specially crafted document to obtain sensitive information;
  3. A denial of service vulnerability in Windows Hyper-V can be exploited remotely via specially crafted application to cause denial of service;
  4. A security feature bypass vulnerability in NetLogon can be exploited remotely to bypass security restrictions;
  5. An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges;
  6. An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted document to obtain sensitive information;
  7. An information disclosure vulnerability in Windows TCP/IP can be exploited remotely via specially crafted to obtain sensitive information;
  8. An elevation of privilege vulnerability in Windows Data Sharing Service can be exploited remotely via specially crafted application to gain privileges;
  9. An elevation of privilege vulnerability in Windows can be exploited remotely via specially crafted application to gain privileges;
  10. A remote code execution vulnerability in Microsoft Windows Media Foundation can be exploited remotely via specially crafted to execute arbitrary code;
  11. An elevation of privilege vulnerability in Windows User Profile Service can be exploited remotely via specially crafted application to gain privileges;
  12. A denial of service vulnerability in Windows can be exploited remotely via specially crafted application to cause denial of service;
  13. A remote code execution vulnerability in Jet Database Engine can be exploited remotely via specially crafted file to execute arbitrary code;
  14. An elevation of privilege vulnerability in Microsoft ActiveX Installer Service can be exploited remotely via specially crafted application to gain privileges;
  15. An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information;
  16. An elevation of privilege vulnerability in Windows AppX Deployment Extensions can be exploited remotely via specially crafted application to gain privileges;
  17. An information disclosure vulnerability in Win32k can be exploited remotely via specially crafted application to obtain sensitive information;
  18. An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely via specially crafted application to gain privileges;
  19. An information disclosure vulnerability in Windows Modules Installer Service can be exploited remotely via specially crafted application to obtain sensitive information;
  20. A remote code execution vulnerability in Hyper-V can be exploited remotely via specially crafted application to execute arbitrary code;
  21. An information disclosure vulnerability in Windows Remote Procedure Call can be exploited remotely via specially crafted application to obtain sensitive information;
  22. A remote code execution vulnerability in Windows Hyper-V can be exploited remotely via specially crafted application to execute arbitrary code;
  23. An information disclosure vulnerability in Microsoft Windows can be exploited remotely via specially crafted application to obtain sensitive information;
  24. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely via specially crafted application to gain privileges;
  25. An elevation of privilege vulnerability in Microsoft splwow64 can be exploited remotely to gain privileges;
  26. A security feature bypass vulnerability in Microsoft Windows can be exploited remotely via specially crafted authentication to bypass security restrictions;
  27. A remote code execution vulnerability in OpenType Font Parsing can be exploited remotely via specially crafted to execute arbitrary code;
  28. An information disclosure vulnerability in OpenType Font Driver can be exploited remotely via specially crafted fonts to obtain sensitive information;
  29. An elevation of privilege vulnerability in Windows Subsystem for Linux can be exploited remotely via specially crafted application to gain privileges;
  30. An elevation of privilege vulnerability in Windows Certificate Dialog can be exploited remotely via specially crafted application to gain privileges;
  31. An elevation of privilege vulnerability in Windows UPnP Service can be exploited remotely via specially crafted script to gain privileges;
  32. An information disclosure vulnerability in Windows Error Reporting can be exploited remotely via specially crafted application to obtain sensitive information;

Original advisories

CVE-2019-1415

CVE-2019-1411

CVE-2019-0712

CVE-2019-1424

CVE-2019-1399

CVE-2019-1396

CVE-2019-1395

CVE-2019-1439

CVE-2019-1309

CVE-2019-1324

CVE-2019-1417

CVE-2019-1420

CVE-2019-1430

CVE-2019-1454

CVE-2018-12207

CVE-2019-1406

CVE-2019-1382

CVE-2019-1391

CVE-2019-11135

CVE-2019-1383

CVE-2019-1385

CVE-2019-1394

CVE-2019-1434

CVE-2019-1440

CVE-2019-1310

CVE-2019-1433

CVE-2019-1418

CVE-2019-0721

CVE-2019-1432

CVE-2019-1409

CVE-2019-1437

CVE-2019-1389

CVE-2019-1393

CVE-2019-1381

CVE-2019-1392

CVE-2019-1436

CVE-2019-0719

CVE-2019-1380

CVE-2019-1384

CVE-2019-1419

CVE-2019-1408

CVE-2019-1456

CVE-2019-1412

CVE-2019-1397

CVE-2019-1398

CVE-2019-1379

CVE-2019-1416

CVE-2019-1388

CVE-2019-1405

CVE-2019-1374

CVE-2019-1438

CVE-2019-1435

CVE-2019-1423

CVE-2019-1422

CVE-2019-1407

ADV190024

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-Windows

Microsoft-Windows-Server

Microsoft-Windows-Server-2012

Microsoft-Windows-8

Microsoft-Windows-7

Microsoft-Windows-Server-2008

Windows-RT

Microsoft-Windows-10

CVE list

CVE-2019-1415 warning

CVE-2019-1411 warning

CVE-2019-0712 high

CVE-2019-1424 high

CVE-2019-1399 high

CVE-2019-1396 high

CVE-2019-1395 high

CVE-2019-1439 warning

CVE-2019-1309 high

CVE-2019-1324 warning

CVE-2019-1417 warning

CVE-2019-1420 warning

CVE-2019-1430 critical

CVE-2019-1454 warning

CVE-2018-12207 warning

CVE-2019-1406 critical

CVE-2019-1382 warning

CVE-2019-1391 warning

CVE-2019-11135 warning

CVE-2019-1383 warning

CVE-2019-1385 high

CVE-2019-1394 high

CVE-2019-1434 high

CVE-2019-1440 warning

CVE-2019-1310 high

CVE-2019-1433 high

CVE-2019-1418 warning

CVE-2019-0721 critical

CVE-2019-1432 warning

CVE-2019-1409 warning

CVE-2019-1437 high

CVE-2019-1389 critical

CVE-2019-1393 high

CVE-2019-1381 warning

CVE-2019-1392 high

CVE-2019-1436 warning

CVE-2019-0719 critical

CVE-2019-1380 warning

CVE-2019-1384 high

CVE-2019-1419 high

CVE-2019-1408 high

CVE-2019-1456 high

CVE-2019-1412 warning

CVE-2019-1397 critical

CVE-2019-1398 critical

CVE-2019-1379 warning

CVE-2019-1416 warning

CVE-2019-1388 high

CVE-2019-1405 high

CVE-2019-1374 warning

CVE-2019-1438 high

CVE-2019-1435 high

CVE-2019-1423 warning

CVE-2019-1422 warning

CVE-2019-1407 high

KB list

4520010

4520008

4520007

4519998

4520005

4519990

4519985

4517389

4519338

4520011

4520004

4525246

4525243

4524570

4525237

4525232

4525236

4523205

4525241

4525250

4525253

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

  • Windows Server 2012 R2 (Server Core installation)Windows 10 Version 1607 for 32-bit SystemsWindows Server 2016Windows 10 Version 1903 for 32-bit SystemsWindows 8.1 for x64-based systemsWindows Server 2012 R2Windows Server 2008 for 32-bit Systems Service Pack 2Windows 10 for 32-bit SystemsWindows RT 8.1Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Windows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1809 for x64-based SystemsWindows 10 Version 1703 for 32-bit SystemsWindows 10 for x64-based SystemsWindows 10 Version 1709 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows Server 2008 for x64-based Systems Service Pack 2Windows 10 Version 1709 for ARM64-based SystemsWindows Server 2012Windows Server 2008 for Itanium-Based Systems Service Pack 2Windows 10 Version 1803 for x64-based SystemsWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1Windows 10 Version 1607 for x64-based SystemsWindows 10 Version 1809 for ARM64-based SystemsWindows Server 2019Windows 10 Version 1803 for ARM64-based SystemsWindows 10 Version 1809 for 32-bit SystemsWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Windows 7 for 32-bit Systems Service Pack 1Windows 8.1 for 32-bit systemsWindows 10 Version 1903 for x64-based SystemsWindows Server 2012 (Server Core installation)Windows 10 Version 1703 for x64-based SystemsWindows 7 for x64-based Systems Service Pack 1Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2008 R2 for x64-based Systems Service Pack 1Windows 10 Version 1803 for 32-bit SystemsWindows 10 Version 1709 for x64-based SystemsWindows Server, version 1709 (Server Core Installation)Windows Server, version 1803 (Server Core Installation)Windows Server 2019 (Server Core installation)Windows Server 2016 (Server Core installation)

References

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

9.8

Confidence

Low

EPSS

0.115

Percentile

95.3%