History: Feb 11, 2020 - 12:00 a.m.

KLA11662 Multiple vulnerabilities in Microsoft Windows

2020-02-11 00:00:00
Kaspersky Lab
threats.kaspersky.com
CVSS2: 9.3

  • Attack Vector: NETWORK
  • Attack Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3: 8.8

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: CHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score: 9.9 (Confidence: High)

EPSS: 0.54 (Percentile: 97.7%)

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code, cause denial of service, and bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. An elevation of privilege vulnerability in Windows can be exploited remotely via a specially crafted application to gain privileges.
  2. An elevation of privilege vulnerability in Connected User Experiences and Telemetry Service can be exploited remotely via a specially crafted application to gain privileges.
  3. An elevation of privilege vulnerability in Connected Devices Platform Service can be exploited remotely via a specially crafted application to gain privileges.
  4. An elevation of privilege vulnerability in Windows Data Sharing Service can be exploited remotely via a specially crafted application to gain privileges.
  5. An elevation of privilege vulnerability in Windows User Profile Service can be exploited remotely via a specially crafted application to gain privileges.
  6. An elevation of privilege vulnerability in Windows Backup Service can be exploited remotely via a specially crafted application to gain privileges.
  7. An elevation of privilege vulnerability in Windows Client License Service can be exploited remotely via a specially crafted application to gain privileges.
  8. An information disclosure vulnerability in Windows Modules Installer Service can be exploited remotely via a specially crafted application to obtain sensitive information.
  9. A remote code execution vulnerability in LNK can be exploited remotely to execute arbitrary code.
  10. An elevation of privilege vulnerability in Windows Wireless Network Manager can be exploited remotely via a specially crafted application to gain privileges.
  11. An information disclosure vulnerability in Windows Network Driver Interface Specification (NDIS) can be exploited remotely via a specially crafted application to obtain sensitive information.
  12. An elevation of privilege vulnerability in Windows IME can be exploited remotely via a specially crafted application to gain privileges.
  13. An elevation of privilege vulnerability in Win32k can be exploited remotely via a specially crafted application to gain privileges.
  14. An information disclosure vulnerability in Microsoft Graphics Components can be exploited remotely via a specially crafted file to obtain sensitive information.
  15. A remote code execution vulnerability in Windows can be exploited remotely via a specially crafted request to execute arbitrary code.
  16. A denial of service vulnerability in Windows Hyper-V can be exploited remotely via a specially crafted application to cause denial of service.
  17. An elevation of privilege vulnerability in Windows Search Indexer can be exploited remotely via a specially crafted application to gain privileges.
  18. An elevation of privilege vulnerability in Active Directory can be exploited remotely to gain privileges.
  19. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely via a specially crafted application to gain privileges.
  20. A remote code execution vulnerability in Remote Desktop Client can be exploited remotely to execute arbitrary code.
  21. An elevation of privilege vulnerability in Windows Function Discovery Service can be exploited remotely via a specially crafted application to gain privileges.
  22. An elevation of privilege vulnerability in Windows Installer can be exploited remotely via a specially crafted application to gain privileges.
  23. An elevation of privilege vulnerability in Windows COM Server can be exploited remotely via a specially crafted application to gain privileges.
  24. A security feature bypass vulnerability in Microsoft Secure Boot can be exploited remotely via a specially crafted application to bypass security restrictions.
  25. A remote code execution vulnerability in Windows Imaging Library can be exploited remotely via a specially crafted file to execute arbitrary code.
  26. An elevation of privilege vulnerability in DirectX can be exploited remotely via a specially crafted application to gain privileges.
  27. An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely via a specially crafted application to gain privileges.
  28. An information disclosure vulnerability in Win32k can be exploited remotely via a specially crafted application to obtain sensitive information.
  29. An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely via a specially crafted application to gain privileges.
  30. A denial of service vulnerability in Windows Remote Desktop Protocol (RDP) can be exploited remotely via specially crafted requests to cause denial of service.
  31. An elevation of privilege vulnerability in Windows Error Reporting Manager can be exploited remotely via a specially crafted application to gain privileges.
  32. An information disclosure vulnerability in Windows Key Isolation Service can be exploited remotely via a specially crafted application to obtain sensitive information.
  33. An elevation of privilege vulnerability in Windows Error Reporting can be exploited remotely via a specially crafted application to gain privileges.
  34. A remote code execution vulnerability in Remote Desktop Services can be exploited remotely to execute arbitrary code.
  35. An elevation of privilege vulnerability in Windows SSH can be exploited remotely via a specially crafted application to gain privileges.
  36. A memory corruption vulnerability in Media Foundation can be exploited remotely via a specially crafted document to execute arbitrary code.
  37. An information disclosure vulnerability in Windows Common Log File System Driver can be exploited remotely via a specially crafted application to obtain sensitive information.
  38. An information disclosure vulnerability in Windows GDI can be exploited remotely via a specially crafted application to obtain sensitive information.
  39. An information disclosure vulnerability in Windows can be exploited remotely via a specially crafted application to obtain sensitive information.
  40. An information disclosure vulnerability in DirectX can be exploited remotely via a specially crafted application to obtain sensitive information.

Original advisories

CVE-2020-0739

CVE-2020-0727

CVE-2020-0742

CVE-2020-0659

CVE-2020-0730

CVE-2020-0703

CVE-2020-0701

CVE-2020-0728

CVE-2020-0729

CVE-2020-0704

CVE-2020-0705

CVE-2020-0707

CVE-2020-0722

CVE-2020-0723

CVE-2020-0720

CVE-2020-0721

CVE-2020-0726

CVE-2020-0746

CVE-2020-0724

CVE-2020-0725

CVE-2020-0662

CVE-2020-0661

CVE-2020-0747

CVE-2020-0667

CVE-2020-0666

CVE-2020-0665

CVE-2020-0740

CVE-2020-0669

CVE-2020-0668

CVE-2020-0734

CVE-2020-0681

CVE-2020-0680

CVE-2020-0683

CVE-2020-0682

CVE-2020-0685

CVE-2020-0672

CVE-2020-0686

CVE-2020-0689

CVE-2020-0743

CVE-2020-0708

CVE-2020-0709

CVE-2020-0657

CVE-2020-0719

CVE-2020-0732

CVE-2020-0750

CVE-2020-0717

CVE-2020-0716

CVE-2020-0715

CVE-2020-0660

CVE-2020-0678

CVE-2020-0679

CVE-2020-0731

CVE-2020-0675

CVE-2020-0676

CVE-2020-0677

CVE-2020-0670

CVE-2020-0671

CVE-2020-0737

CVE-2020-0753

CVE-2020-0752

CVE-2020-0751

CVE-2020-0655

CVE-2020-0757

CVE-2020-0756

CVE-2020-0755

CVE-2020-0738

CVE-2020-0735

CVE-2020-0754

CVE-2020-0792

CVE-2020-0658

CVE-2020-0744

CVE-2020-0691

CVE-2020-0741

CVE-2020-0748

CVE-2020-0698

CVE-2020-0745

CVE-2020-0714

CVE-2020-0749

CVE-2020-0818

CVE-2020-0817

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit.

Related products

Microsoft-Windows-Server-2012

Microsoft-Windows-8

Microsoft-Windows-7

Microsoft-Windows-Server-2008

Windows-RT

Microsoft-Windows-10

CVE list

CVE-2020-0739 critical

CVE-2020-0727 critical

CVE-2020-0742 critical

CVE-2020-0659 critical

CVE-2020-0730 high

CVE-2020-0703 critical

CVE-2020-0701 critical

CVE-2020-0728 high

CVE-2020-0729 critical

CVE-2020-0704 critical

CVE-2020-0705 high

CVE-2020-0707 critical

CVE-2020-0722 critical

CVE-2020-0723 critical

CVE-2020-0720 critical

CVE-2020-0721 critical

CVE-2020-0726 critical

CVE-2020-0746 high

CVE-2020-0724 critical

CVE-2020-0725 critical

CVE-2020-0662 critical

CVE-2020-0661 high

CVE-2020-0747 critical

CVE-2020-0667 critical

CVE-2020-0666 critical

CVE-2020-0665 critical

CVE-2020-0740 critical

CVE-2020-0669 critical

CVE-2020-0668 critical

CVE-2020-0734 critical

CVE-2020-0681 critical

CVE-2020-0680 critical

CVE-2020-0683 critical

CVE-2020-0682 critical

CVE-2020-0685 critical

CVE-2020-0672 critical

CVE-2020-0686 critical

CVE-2020-0689 high

CVE-2020-0743 critical

CVE-2020-0708 critical

CVE-2020-0709 critical

CVE-2020-0657 critical

CVE-2020-0719 critical

CVE-2020-0732 critical

CVE-2020-0750 critical

CVE-2020-0717 high

CVE-2020-0716 high

CVE-2020-0715 critical

CVE-2020-0660 critical

CVE-2020-0678 critical

CVE-2020-0679 critical

CVE-2020-0731 critical

CVE-2020-0675 high

CVE-2020-0676 high

CVE-2020-0677 high

CVE-2020-0670 critical

CVE-2020-0671 critical

CVE-2020-0737 critical

CVE-2020-0753 critical

CVE-2020-0752 critical

CVE-2020-0751 high

CVE-2020-0655 critical

CVE-2020-0757 critical

CVE-2020-0756 high

CVE-2020-0755 high

CVE-2020-0738 critical

CVE-2020-0735 critical

CVE-2020-0754 critical

CVE-2020-0792 critical

CVE-2020-0658 high

CVE-2020-0744 high

CVE-2020-0691 critical

CVE-2020-0741 critical

CVE-2020-0748 high

CVE-2020-0698 high

CVE-2020-0745 critical

CVE-2020-0714 high

CVE-2020-0749 critical

CVE-2020-0818 unknown

CVE-2020-0817 unknown

KB list

4537821

4537776

4537794

4532693

4532691

4537762

4537764

4537789

4537803

4537814

4535680

5008223

5008215

5012170

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Impacts

  • ACE: Arbitrary code execution. Exploitation of vulnerabilities with this impact can allow an abuser to execute any code or commands on the vulnerable machine or process.

  • OSI: Obtain sensitive information. Exploitation of vulnerabilities with this impact can allow an abuser to capture information that is critical for the user or system.

  • DoS: Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or a critical functional fault.

  • SB: Security bypass. Exploitation of vulnerabilities with this impact can allow actions that are restricted by the current security settings.

  • PE: Privilege escalation. Exploitation of vulnerabilities with this impact can allow an abuser to perform actions that are normally disallowed for the current role.

Affected Products

  • Windows 10 Version 1909 for ARM64-based Systems
  • Windows Server 2008 for Itanium-Based Systems Service Pack 2
  • Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
  • Windows 10 Version 1809 for x64-based Systems
  • Windows 10 Version 1903 for x64-based Systems
  • Windows 10 for 32-bit Systems
  • Windows RT 8.1
  • Windows Server, version 1903 (Server Core installation)
  • Windows 10 Version 1803 for 32-bit Systems
  • Windows 7 for 32-bit Systems Service Pack 1
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
  • Windows 10 Version 1809 for ARM64-based Systems
  • Windows 10 Version 1903 for ARM64-based Systems
  • Windows 10 Version 1607 for x64-based Systems
  • Windows Server 2012 R2
  • Windows 10 Version 1803 for x64-based Systems
  • Windows Server 2012 (Server Core installation)
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Windows 10 Version 1809 for 32-bit Systems
  • Windows 10 Version 1709 for x64-based Systems
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2016
  • Windows Server 2019
  • Windows Server 2012
  • Windows 10 Version 1803 for ARM64-based Systems
  • Windows 8.1 for x64-based systems
  • Windows 10 Version 1607 for 32-bit Systems
  • Windows Server, version 1909 (Server Core installation)
  • Windows 7 for x64-based Systems Service Pack 1
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows 8.1 for 32-bit systems
  • Windows 10 for x64-based Systems
  • Windows 10 Version 1909 for 32-bit Systems
  • Windows 10 Version 1709 for ARM64-based Systems
  • Windows Server 2012 R2 (Server Core installation)
  • Windows 10 Version 1909 for x64-based Systems
  • Windows 10 Version 1709 for 32-bit Systems
  • Windows 10 Version 1903 for 32-bit Systems
  • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
  • Windows Server 2019 (Server Core installation)
  • Windows Server 2016 (Server Core installation)
  • Windows Server, version 1803 (Server Core Installation)
