Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11931
HistoryAug 11, 2020 - 12:00 a.m.

KLA11931 Multiple vulnerabilities in Microsoft Windows

2020-08-1100:00:00
Kaspersky Lab
threats.kaspersky.com
71

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.466 Medium

EPSS

Percentile

97.4%

JSON

Detect date:

08/11/2020

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, , obtain sensitive information, spoof user interface, cause denial of service.

Exploitation:

Public exploits exist for this vulnerability.

Affected products:

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1709 for ARM64-based Systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 1709 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows 10 Version 1809 for 32-bit Systems
Windows Server 2016 (Server Core installation)
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 for x64-based Systems
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows Server 2012 R2 (Server Core installation)
Windows 10 Version 2004 for ARM64-based Systems
Windows Server 2008 for x64-based Systems Service Pack 2
Windows 10 Version 2004 for x64-based Systems
Windows 8.1 for 32-bit systems
Windows Server 2012 R2
Windows 10 Version 1909 for 32-bit Systems
Windows 10 for 32-bit Systems
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server, version 1909 (Server Core installation)
Windows 10 Version 1709 for 32-bit Systems
Windows Server 2016
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2019
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2012 (Server Core installation)
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows Server 2012
Windows 7 for x64-based Systems Service Pack 1
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2019 (Server Core installation)
Windows Server, version 1903 (Server Core installation)

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2020-1492
CVE-2020-1490
CVE-2020-1552
CVE-2020-1553
CVE-2020-1550
CVE-2020-1551
CVE-2020-1556
CVE-2020-1557
CVE-2020-1554
CVE-2020-1558
CVE-2020-1417
CVE-2020-1488
CVE-2020-1489
CVE-2020-1484
CVE-2020-1485
CVE-2020-1486
CVE-2020-1487
CVE-2020-1480
CVE-2020-1566
CVE-2020-1565
CVE-2020-1564
CVE-2020-1562
CVE-2020-1561
CVE-2020-1560
CVE-2020-1578
CVE-2020-1579
CVE-2020-1571
CVE-2020-1574
CVE-2020-1577
CVE-2020-1470
CVE-2020-1473
CVE-2020-1472
CVE-2020-1475
CVE-2020-1474
CVE-2020-1477
CVE-2020-1479
CVE-2020-1478
CVE-2020-1585
CVE-2020-1584
CVE-2020-1587
CVE-2020-1339
CVE-2020-1337
CVE-2020-1509
CVE-2020-1467
CVE-2020-1464
CVE-2020-1383
CVE-2020-1459
CVE-2020-1518
CVE-2020-1519
CVE-2020-1516
CVE-2020-1517
CVE-2020-1515
CVE-2020-1512
CVE-2020-1513
CVE-2020-1510
CVE-2020-1511
CVE-2020-1529
CVE-2020-1528
CVE-2020-1522
CVE-2020-1521
CVE-2020-1520
CVE-2020-1527
CVE-2020-1526
CVE-2020-1525
CVE-2020-1524
CVE-2020-1534
CVE-2020-1535
CVE-2020-1536
CVE-2020-1537
CVE-2020-1530
CVE-2020-1531
CVE-2020-1533
CVE-2020-1466
CVE-2020-1538
CVE-2020-1539
CVE-2020-1377
CVE-2020-1378
CVE-2020-1379
CVE-2020-1541
CVE-2020-1540
CVE-2020-1543
CVE-2020-1542
CVE-2020-1545
CVE-2020-1544
CVE-2020-1547
CVE-2020-1546
CVE-2020-1549
CVE-2020-1548

Impacts:

ACE

Related products:

Microsoft Windows

CVE-IDS:

CVE-2020-14887.0High
CVE-2020-13795.5High
CVE-2020-15377.8Critical
CVE-2020-13835.5High
CVE-2020-14757.8Critical
CVE-2020-15457.8Critical
CVE-2020-15797.8Critical
CVE-2020-14707.8Critical
CVE-2020-15367.8Critical
CVE-2020-15777.8Critical
CVE-2020-15528.0Critical
CVE-2020-15357.8Critical
CVE-2020-14737.0High
CVE-2020-15517.8Critical
CVE-2020-15307.8Critical
CVE-2020-14747.8Critical
CVE-2020-15187.8Critical
CVE-2020-15197.8Critical
CVE-2020-15167.8Critical
CVE-2020-14787.8Critical
CVE-2020-15587.8Critical
CVE-2020-15157.8Critical
CVE-2020-15387.8Critical
CVE-2020-15397.8Critical
CVE-2020-15577.3High
CVE-2020-15547.8Critical
CVE-2020-14725.5High
CVE-2020-15177.8Critical
CVE-2020-14847.8Critical
CVE-2020-14855.5High
CVE-2020-14867.8Critical
CVE-2020-15447.8Critical
CVE-2020-15297.8Critical
CVE-2020-15847.8Critical
CVE-2020-15877.8Critical
CVE-2020-13777.8Critical
CVE-2020-14777.0High
CVE-2020-13397.8Critical
CVE-2020-13377.8Critical
CVE-2020-13787.5Critical
CVE-2020-15647.8Critical
CVE-2020-15627.8Critical
CVE-2020-15137.8Critical
CVE-2020-15417.8Critical
CVE-2020-15407.8Critical
CVE-2020-15437.8Critical
CVE-2020-15427.8Critical
CVE-2020-15347.8Critical
CVE-2020-14647.8Critical
CVE-2020-15467.8Critical
CVE-2020-15477.8Critical
CVE-2020-15207.8Critical
CVE-2020-14897.8Critical
CVE-2020-14927.8Critical
CVE-2020-14907.8Critical
CVE-2020-15537.8Critical
CVE-2020-15507.8Critical
CVE-2020-15567.8Critical
CVE-2020-14175.5High
CVE-2020-14877.8Critical
CVE-2020-14807.8Critical
CVE-2020-15664.2Warning
CVE-2020-15657.5Critical
CVE-2020-15618.8Critical
CVE-2020-15607.8Critical
CVE-2020-15784.7Warning
CVE-2020-15717.3High
CVE-2020-15745.5High
CVE-2020-14797.8Critical
CVE-2020-15858.8Critical
CVE-2020-15097.8Critical
CVE-2020-14597.5Critical
CVE-2020-15127.8Critical
CVE-2020-15105.5High
CVE-2020-15117.8Critical
CVE-2020-15287.8Critical
CVE-2020-15227.8Critical
CVE-2020-15217.8Critical
CVE-2020-15277.8Critical
CVE-2020-15267.8Critical
CVE-2020-15257.8Critical
CVE-2020-15247.8Critical
CVE-2020-15317.8Critical
CVE-2020-15337.8Critical
CVE-2020-14667.8Critical
CVE-2020-15497.8Critical
CVE-2020-15487.8Critical

KB list:

4571692
4571694
4571709
4566782
4571723
4571703
4565349
4571741
4565351
4578013
4601319
4601315
4601345
4601318

Microsoft official advisories:

References

Related

kaspersky 1
mskb 16
openvas 10
nessus 14
avleonov 1
qualysblog 1
threatpost 2
thn 2
krebs 1
securelist 1
checkpoint_advisories 3
prion 46
cve 44
mscve 46
zdi 5
cnvd 2
attackerkb 2
githubexploit 1
cisa_kev 1
kaspersky
kaspersky
KLA11929 Multiple vulnerabilities in Microsoft Products (ESU)
2020-08-11 00:00:00
mskb
mskb
August 11, 2020—KB4571719 (Security-only update)
2020-08-11 07:00:00
August 11, 2020—KB4571723 (Security-only update)
2020-08-11 07:00:00
August 11, 2020—KB4571741 (OS Build 16299.2045)
2020-08-11 07:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4571703)
2020-08-12 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4566782)
2020-08-12 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4565349)
2020-08-12 00:00:00
nessus
nessus
KB4571741: Windows 10 Version 1709 August 2020 Security Update
2020-08-11 00:00:00
KB4565351: Windows 10 Version 1903 and Windows 10 Version 1909 August 2020 Security Update
2020-08-11 00:00:00
KB4571694: Windows 10 Version 1607 and Windows Server 2016 August 2020 Security Update
2020-08-11 00:00:00
avleonov
avleonov
Microsoft Patch Tuesday August 2020: vulnerabilities with Detected Exploitation, useful for phishing and others
2020-08-30 22:13:56
qualysblog
qualysblog
August 2020 Patch Tuesday – 120 Vulnerabilities, 17 Critical, Media Foundation, Windows Codecs, Workstation, Adobe
2020-08-11 19:02:30
threatpost
threatpost
Two 0-Days Under Active Attack, Among 120 Bugs Patched by Microsoft
2020-08-11 21:12:29
Microsoft Out-of-Band Security Update Fixes Windows Remote Access Flaws
2020-08-20 15:39:38
thn
thn
Microsoft Reveals New Innocent Ways Windows Users Can Get Hacked
2020-08-12 12:25:00
Microsoft Issues Emergency Security Updates for Windows 8.1 and Server 2012 R2
2020-08-20 17:06:00
krebs
krebs
Microsoft Patch Tuesday, August 2020 Edition
2020-08-11 20:55:02
securelist
securelist
IT threat evolution Q3 2020. Non-mobile statistics
2020-11-20 10:10:15
checkpoint_advisories
checkpoint_advisories
Microsoft Windows Kernel Elevation of Privilege (CVE-2020-1566)
2020-08-11 00:00:00
Microsoft Windows dnsrlvr.dll Elevation of Privilege (CVE-2020-1584)
2020-08-11 00:00:00
Microsoft Windows Kernel Information Disclosure (CVE-2020-1578)
2020-08-11 00:00:00
prion
prion
Privilege escalation
2020-08-17 19:15:00
Remote code execution
2020-08-17 19:15:00
Privilege escalation
2020-08-17 19:15:00
cve
cve
CVE-2020-1542
2020-08-17 19:15:00
CVE-2020-1519
2020-08-17 19:15:00
CVE-2020-1535
2020-08-17 19:15:00
mscve
mscve
Windows Backup Engine Elevation of Privilege Vulnerability
2020-08-11 07:00:00
Windows UPnP Device Host Elevation of Privilege Vulnerability
2020-08-11 07:00:00
Windows Kernel Elevation of Privilege Vulnerability
2020-08-11 07:00:00
zdi
zdi
Microsoft Windows av1decodermft_store MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
2020-08-14 00:00:00
Microsoft Windows WalletService Race Condition Information Disclosure Vulnerability
2020-08-13 00:00:00
Microsoft Windows WalletService Race Condition Information Disclosure Vulnerability
2020-08-13 00:00:00
cnvd
cnvd
Microsoft Windows/Windows Server Remote Code Execution Vulnerability (CNVD-2021-65601)
2020-08-13 00:00:00
Microsoft Windows and Windows Server Elevation of Privilege Vulnerability (CNVD-2021-73130)
2020-08-13 00:00:00
attackerkb
attackerkb
CVE-2020-1584 - Windows dnsrslvr.dll Elevation of Privilege Vulnerability
2020-08-17 00:00:00
CVE-2020-1464
2020-08-17 00:00:00
githubexploit
githubexploit
Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Microsoft
2021-04-04 02:56:02
cisa_kev
cisa_kev
Microsoft Windows Spoofing Vulnerability
2021-11-03 00:00:00

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.466 Medium

EPSS

Percentile

97.4%

JSON
Related for KLA11931
kaspersky1mskb16openvas10nessus14avleonov1qualysblog1threatpost2thn2krebs1securelist1checkpoint_advisories3prion46cve44mscve46zdi5cnvd2attackerkb2githubexploit1cisa_kev1