Kaspersky LabKLA11773KLA11773 Multiple vulnerabilities in Microsoft Windows
9.9 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
9.2 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.194 Low
EPSS
Percentile
96.2%
Detect date:
05/12/2020
Severity:
Critical
Description:
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, gain privileges, cause denial of service, execute arbitrary code, bypass security restrictions, spoof user interface.
Exploitation:
Public exploits exist for this vulnerability.
Affected products:
Windows 10 Version 1803 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2019 (Server Core installation)
Windows Server 2012 (Server Core installation)
Windows 10 Version 1903 for 32-bit Systems
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows 10 Version 1709 for x64-based Systems
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server, version 1803 (Server Core Installation)
Windows Server 2012 R2
Windows 10 Version 1709 for 32-bit Systems
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows 10 Version 1903 for x64-based Systems
Windows 8.1 for 32-bit systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server, version 1903 (Server Core installation)
Windows 10 Version 1607 for 32-bit Systems
Windows 8.1 for x64-based systems
Windows Server 2008 for x64-based Systems Service Pack 2
Windows 10 Version 1803 for ARM64-based Systems
Windows Server, version 1909 (Server Core installation)
Windows 10 Version 1909 for x64-based Systems
Windows 10 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows 10 Version 1709 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows Server 2012
Windows 10 Version 1903 for ARM64-based Systems
Windows RT 8.1
Windows 10 Version 1909 for ARM64-based Systems
Windows Server 2016
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2012 R2 (Server Core installation)
Windows 7 for 32-bit Systems Service Pack 1
Windows 10 Version 1809 for 32-bit Systems
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
CVE-2020-1145
CVE-2020-1048
CVE-2020-1084
CVE-2020-0963
CVE-2020-1112
CVE-2020-1131
CVE-2020-1118
CVE-2020-1134
CVE-2020-1179
CVE-2020-1136
CVE-2020-0909
CVE-2020-1174
CVE-2020-1113
CVE-2020-1176
CVE-2020-1111
CVE-2020-1116
CVE-2020-1117
CVE-2020-1114
CVE-2020-1156
CVE-2020-1157
CVE-2020-1077
CVE-2020-1155
CVE-2020-1071
CVE-2020-1070
CVE-2020-1055
CVE-2020-1072
CVE-2020-1110
CVE-2020-1079
CVE-2020-1078
CVE-2020-1158
CVE-2020-1090
CVE-2020-1139
CVE-2020-1054
CVE-2020-1190
CVE-2020-1191
CVE-2020-1138
CVE-2020-1143
CVE-2020-1075
CVE-2020-1067
CVE-2020-1125
CVE-2020-1051
CVE-2020-1109
CVE-2020-1126
CVE-2020-1028
CVE-2020-1154
CVE-2020-1123
CVE-2020-1121
CVE-2020-1142
CVE-2020-1021
CVE-2020-1153
CVE-2020-1088
CVE-2020-1144
CVE-2020-1141
CVE-2020-1166
CVE-2020-1165
CVE-2020-1061
CVE-2020-1175
CVE-2020-1081
CVE-2020-1082
CVE-2020-1151
CVE-2020-1149
CVE-2020-1132
CVE-2020-1086
CVE-2020-1087
CVE-2020-1010
CVE-2020-1068
CVE-2020-1140
CVE-2020-1124
CVE-2020-1137
CVE-2020-1184
CVE-2020-1187
CVE-2020-1186
CVE-2020-1189
CVE-2020-1188
CVE-2020-1185
CVE-2020-1164
CVE-2020-1076
CVE-2020-1135
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2020-11452.1Warning
CVE-2020-10487.2High
CVE-2020-10842.1Warning
CVE-2020-09634.3Warning
CVE-2020-11129.0Critical
CVE-2020-11314.6Warning
CVE-2020-11187.8Critical
CVE-2020-11344.6Warning
CVE-2020-11794.3Warning
CVE-2020-11369.3Critical
CVE-2020-09095.0Warning
CVE-2020-11749.3Critical
CVE-2020-11139.3Critical
CVE-2020-11769.3Critical
CVE-2020-11117.2High
CVE-2020-11162.1Warning
CVE-2020-11179.3Critical
CVE-2020-11147.2High
CVE-2020-11566.8High
CVE-2020-11576.8High
CVE-2020-10774.6Warning
CVE-2020-11556.8High
CVE-2020-10717.2High
CVE-2020-10707.2High
CVE-2020-10554.3Warning
CVE-2020-10722.1Warning
CVE-2020-11107.2High
CVE-2020-10797.2High
CVE-2020-10784.6Warning
CVE-2020-11586.8High
CVE-2020-10904.6Warning
CVE-2020-11396.8High
CVE-2020-10547.2High
CVE-2020-11904.6Warning
CVE-2020-11914.6Warning
CVE-2020-11387.2High
CVE-2020-11437.2High
CVE-2020-10752.1Warning
CVE-2020-10679.0Critical
CVE-2020-11256.8High
CVE-2020-10519.3Critical
CVE-2020-11097.2High
CVE-2020-11269.3Critical
CVE-2020-10289.3Critical
CVE-2020-11547.2High
CVE-2020-11232.1Warning
CVE-2020-11217.2High
CVE-2020-11427.2High
CVE-2020-10214.6Warning
CVE-2020-11539.3Critical
CVE-2020-10884.6Warning
CVE-2020-11444.6Warning
CVE-2020-11412.1Warning
CVE-2020-11667.2High
CVE-2020-11657.2High
CVE-2020-10619.3Critical
CVE-2020-11759.3Critical
CVE-2020-10817.2High
CVE-2020-10824.6Warning
CVE-2020-11516.8High
CVE-2020-11496.8High
CVE-2020-11327.2High
CVE-2020-10864.6Warning
CVE-2020-10874.6Warning
CVE-2020-10107.2High
CVE-2020-10687.2High
CVE-2020-11407.2High
CVE-2020-11244.6Warning
CVE-2020-11377.2High
CVE-2020-11844.6Warning
CVE-2020-11874.6Warning
CVE-2020-11864.6Warning
CVE-2020-11894.6Warning
CVE-2020-11884.6Warning
CVE-2020-11854.6Warning
CVE-2020-11646.8High
CVE-2020-10762.1Warning
CVE-2020-11357.2High
KB list:
4556799
4556846
4556840
4556826
4556813
4556812
4551853
4556807
4556852
4556853
Microsoft official advisories:
References
support.microsoft.com/kb/4551853
support.microsoft.com/kb/4556799
support.microsoft.com/kb/4556807
support.microsoft.com/kb/4556812
support.microsoft.com/kb/4556813
support.microsoft.com/kb/4556826
support.microsoft.com/kb/4556840
support.microsoft.com/kb/4556846
support.microsoft.com/kb/4556852
support.microsoft.com/kb/4556853
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0909
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0963
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1010
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1021
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1028
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1048
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1051
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1054
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1055
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1061
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1067
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1068
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1070
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1071
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1072
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1075
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1076
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1077
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1078
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1079
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1081
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1082
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1084
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1086
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1087
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1088
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1090
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1109
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1110
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1111
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1112
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1113
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1114
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1116
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1117
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1118
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1121
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1123
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1124
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1125
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1126
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1131
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1132
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1134
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1135
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1136
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1137
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1138
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1139
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1140
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1141
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1142
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1143
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1144
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1145
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1149
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1151
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1153
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1154
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1155
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1156
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1157
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1158
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1164
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1165
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1166
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1174
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1175
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1176
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1179
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1184
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1185
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1186
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1187
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1188
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1189
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1190
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1191
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0909
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0963
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1010
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1021
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1028
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1048
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1051
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1054
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1055
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1061
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1067
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1068
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1070
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1071
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1072
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1075
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1076
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1077
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1078
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1079
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1081
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1082
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1084
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1086
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1087
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1088
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1090
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1109
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1110
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1111
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1112
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1113
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1114
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1116
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1117
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1118
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1121
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1123
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1124
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1125
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1126
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1131
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1132
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1134
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1135
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1136
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1137
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1138
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1139
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1140
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1141
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1142
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1143
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1144
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1145
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1149
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1151
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1153
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1154
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1155
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1156
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1157
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1158
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1164
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1165
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1166
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1174
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1175
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1176
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1179
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1184
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1185
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1186
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1187
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1188
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1189
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1190
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1191
portal.msrc.microsoft.com/en-us/security-guidance
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Microsoft-Windows-10/
threats.kaspersky.com/en/product/Microsoft-Windows-7/
threats.kaspersky.com/en/product/Microsoft-Windows-8/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2008/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2012/
threats.kaspersky.com/en/product/Microsoft-Windows-Server/
threats.kaspersky.com/en/product/Microsoft-Windows/
threats.kaspersky.com/en/product/Windows-RT/
Related
9.9 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
9.2 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.194 Low
EPSS
Percentile
96.2%