KLA11876 Multiple vulnerabiltiies in Microsoft Products (ESU)

2019-03-12T00:00:00
ID KLA11876
Type kaspersky
Reporter Kaspersky Lab
Modified 2021-04-22T00:00:00

Description

Detect date:

03/12/2019

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, obtain sensitive information, gain privileges.

Exploitation:

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Affected products:

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows 10 for 32-bit Systems
Windows Server, version 1803 (Server Core Installation)
Windows 10 Version 1903 for x64-based Systems
Internet Explorer 9
Windows 10 for x64-based Systems
Windows Server 2012 (Server Core installation)
Windows Server 2016 (Server Core installation)
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2012
ChakraCore
Internet Explorer 11
Windows 10 Version 1803 for ARM64-based Systems
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2016
Windows 10 Version 1709 for x64-based Systems
Windows RT 8.1
Windows 10 Version 1709 for ARM64-based Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1903 for 32-bit Systems
Windows Server 2012 R2 (Server Core installation)
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2019 (Server Core installation)
Microsoft Edge (EdgeHTML-based)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows 10 Version 1803 for x64-based Systems
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server, version 1903 (Server Core installation)
Windows 10 Version 1903 for ARM64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 10 Version 1709 for 32-bit Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows 10 Version 1703 for 32-bit Systems
Internet Explorer 10
Windows Server 2012 R2
Windows Server 2019

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2019-0754
CVE-2019-0617
CVE-2019-0614
CVE-2019-0775
CVE-2019-0774
CVE-2019-0756
CVE-2019-0755
CVE-2019-0772
CVE-2019-0759
CVE-2019-0690
CVE-2019-0603
CVE-2019-0702
CVE-2019-0703
CVE-2019-0704
CVE-2019-0746
CVE-2019-0767
CVE-2019-0765
CVE-2019-0667
CVE-2019-0666
CVE-2019-0782
CVE-2019-0784
CVE-2019-0683
CVE-2019-0821
CVE-2019-0808
ADV190009

Impacts:

ACE

Related products:

Microsoft Internet Explorer

CVE-IDS:

CVE-2019-06677.6Critical
CVE-2019-07464.3Warning
CVE-2019-06667.6Critical
CVE-2019-07822.1Warning
CVE-2019-08087.2High
CVE-2019-07729.3Critical
CVE-2019-07044.0Warning
CVE-2019-07592.1Warning
CVE-2019-07659.3Critical
CVE-2019-07544.9Warning
CVE-2019-07751.9Warning
CVE-2019-07569.3Critical
CVE-2019-06038.5Critical
CVE-2019-07552.1Warning
CVE-2019-06834.3Warning
CVE-2019-06144.3Warning
CVE-2019-07034.0Warning
CVE-2019-08214.0Warning
CVE-2019-07022.1Warning
CVE-2019-06905.5High
CVE-2019-06179.3Critical
CVE-2019-07847.6Critical
CVE-2019-07672.1Warning
CVE-2019-07744.3Warning

KB list:

4489878
4489885
4489880
4489876
4489873
4474419
4507456
4507449
4507452
4507461

Microsoft official advisories: