Lucene search

K
kasperskyKaspersky LabKLA11700
HistoryAug 06, 2019 - 12:00 a.m.

KLA11700 OSI vulnerability in Microsoft products (ESU)

2019-08-0600:00:00
Kaspersky Lab
threats.kaspersky.com
40

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

5.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.2%

An Information disclosure vulnerability was found in Microsoft Extended Security Updates. Malicious users can exploit this vulnerability to obtain sensitive information.

Original advisories

CVE-2019-1125

Related products

Microsoft-Windows

Microsoft-Windows-Server

Microsoft-Windows-Server-2012

Microsoft-Windows-8

Microsoft-Windows-7

Microsoft-Windows-Server-2008

Windows-RT

Microsoft-Windows-10

CVE list

CVE-2019-1125 warning

KB list

4507464

4507457

4507448

4507462

4507456

4507449

4507452

4507461

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

Affected Products

  • Windows 10 Version 1903 for 32-bit SystemsWindows Server 2012 R2Windows 10 Version 1703 for x64-based SystemsWindows Server 2019Windows 10 Version 1709 for 32-bit SystemsWindows 8.1 for 32-bit systemsWindows Server 2008 for Itanium-Based Systems Service Pack 2Windows 10 Version 1803 for 32-bit SystemsWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1Windows 10 Version 1709 for ARM64-based SystemsWindows RT 8.1Windows 10 Version 1709 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows Server 2012 (Server Core installation)Windows 10 Version 1703 for 32-bit SystemsWindows Server 2008 for x64-based Systems Service Pack 2Windows 10 Version 1809 for ARM64-based SystemsWindows 10 for 32-bit SystemsWindows Server 2008 R2 for x64-based Systems Service Pack 1Windows 10 Version 1809 for 32-bit SystemsWindows 10 Version 1607 for 32-bit SystemsWindows 10 Version 1607 for x64-based SystemsWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2012Windows 7 for 32-bit Systems Service Pack 1Windows Server 2008 for 32-bit Systems Service Pack 2Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Windows 8.1 for x64-based systemsWindows 10 Version 1803 for x64-based SystemsWindows Server 2016 (Server Core installation)Windows 10 Version 1803 for ARM64-based SystemsWindows 7 for x64-based Systems Service Pack 1Windows Server 2019 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows 10 for x64-based SystemsWindows 10 Version 1809 for x64-based SystemsWindows Server, version 1903 (Server Core installation)Windows Server 2016Windows Server, version 1803 (Server Core Installation)

References

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

5.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.2%