Lucene search

K
kasperskyKaspersky LabKLA11989
HistoryAug 13, 2019 - 12:00 a.m.

KLA11989 Multiple vulnerabilities in Microsoft Products (ESU)

2019-08-1300:00:00
Kaspersky Lab
threats.kaspersky.com
30

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

10

Confidence

High

EPSS

0.902

Percentile

98.8%

Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service, spoof user interface, gain privileges.

Below is a complete list of vulnerabilities:

  1. A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
  2. An information disclosure vulnerability in Windows Graphics Component can be exploited remotely via specially crafted document to obtain sensitive information.
  3. A remote code execution vulnerability in Hyper-V can be exploited remotely via specially crafted application to execute arbitrary code.
  4. A denial of service vulnerability in Windows Hyper-V can be exploited remotely via specially crafted application to cause denial of service.
  5. A denial of service vulnerability in Windows can be exploited remotely via specially crafted application to cause denial of service.
  6. A remote code execution vulnerability in Microsoft Graphics can be exploited remotely via specially crafted embedded to execute arbitrary code.
  7. A security UI vulnerability in Bluetooth BR/EDR specification can be exploited remotely to spoof user interface.
  8. An elevation of privilege vulnerability in Windows can be exploited remotely via specially crafted application to gain privileges.
  9. An information disclosure vulnerability in Microsoft Graphics Component can be exploited remotely via specially crafted application to obtain sensitive information.
  10. A remote code execution vulnerability in Jet Database Engine can be exploited remotely via specially crafted file to execute arbitrary code.
  11. An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges.
  12. A denial of service vulnerability in XmlLite Runtime can be exploited remotely via specially crafted requests to cause denial of service.
  13. A remote code execution vulnerability in Windows DHCP Server can be exploited remotely via specially crafted packets to execute arbitrary code.
  14. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely via specially crafted application to gain privileges.
  15. A denial of service vulnerability in Windows DHCP Server can be exploited remotely via specially crafted packets to cause denial of service.
  16. An elevation of privilege vulnerability in Windows ALPC can be exploited remotely via specially crafted application to gain privileges.
  17. An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information.
  18. A remote code execution vulnerability in MS XML can be exploited remotely via specially crafted website to execute arbitrary code.
  19. A remote code execution vulnerability in Windows DHCP Client can be exploited remotely via specially crafted to execute arbitrary code.
  20. An elevation of privilege vulnerability in Microsoft Windows p2pimsvc can be exploited remotely via specially crafted application to gain privileges.
  21. A remote code execution vulnerability in Remote Desktop Services can be exploited remotely via specially crafted packets to execute arbitrary code.

Original advisories

CVE-2019-1194

CVE-2019-1133

CVE-2019-1143

CVE-2019-0720

CVE-2019-0715

CVE-2019-0716

CVE-2019-1144

CVE-2019-9506

CVE-2019-1154

CVE-2019-1177

CVE-2019-1153

CVE-2019-1147

CVE-2019-1078

CVE-2019-0714

CVE-2019-1169

CVE-2019-1145

CVE-2019-1187

CVE-2019-1151

CVE-2019-1146

CVE-2019-1148

CVE-2019-1178

CVE-2019-1157

CVE-2019-1213

CVE-2019-1155

CVE-2019-0723

CVE-2019-1149

CVE-2019-1159

CVE-2019-1212

CVE-2019-1162

CVE-2019-1150

CVE-2019-1164

CVE-2019-1152

CVE-2019-1158

CVE-2019-1156

CVE-2019-1228

CVE-2019-1057

CVE-2019-0736

CVE-2019-1168

CVE-2019-1206

CVE-2019-0718

CVE-2019-1172

CVE-2019-1182

CVE-2019-1181

CVE-2019-1180

ADV190023

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-Internet-Explorer

Microsoft-Windows

Microsoft-Windows-Server

Microsoft-Windows-Server-2012

Microsoft-Windows-7

Microsoft-Windows-Server-2008

CVE list

CVE-2019-1194 critical

CVE-2019-1133 critical

CVE-2019-1143 high

CVE-2019-0720 critical

CVE-2019-0715 high

CVE-2019-0716 warning

CVE-2019-1144 critical

CVE-2019-9506 critical

CVE-2019-1154 high

CVE-2019-1177 critical

CVE-2019-1153 high

CVE-2019-1147 critical

CVE-2019-1078 high

CVE-2019-0714 high

CVE-2019-1169 critical

CVE-2019-1145 critical

CVE-2019-1187 critical

CVE-2019-1151 critical

CVE-2019-1146 critical

CVE-2019-1148 high

CVE-2019-1178 critical

CVE-2019-1180 critical

CVE-2019-1181 critical

CVE-2019-1157 critical

CVE-2019-1213 critical

CVE-2019-0718 high

CVE-2019-1172 warning

CVE-2019-1155 critical

CVE-2019-0723 high

CVE-2019-1149 critical

CVE-2019-1206 critical

CVE-2019-1159 critical

CVE-2019-1212 critical

CVE-2019-1162 critical

CVE-2019-1150 critical

CVE-2019-1164 critical

CVE-2019-1152 critical

CVE-2019-1158 high

CVE-2019-1156 critical

CVE-2019-1228 high

CVE-2019-1182 critical

CVE-2019-1057 critical

CVE-2019-0736 critical

CVE-2019-1168 critical

KB list

4512518

4512506

4512488

4511872

4512476

4512486

4512491

4512482

4512489

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

  • SUI

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.

Affected Products

  • Windows Server 2012 R2 (Server Core installation)Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Windows Server 2008 R2 for x64-based Systems Service Pack 1Windows Server 2008 for x64-based Systems Service Pack 2Windows 7 for 32-bit Systems Service Pack 1Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1Windows Server 2012Windows 7 for x64-based Systems Service Pack 1Windows Server 2008 for 32-bit Systems Service Pack 2Windows Server 2012 (Server Core installation)Windows Server 2008 for Itanium-Based Systems Service Pack 2Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Internet Explorer 9Windows Server 2012 R2

References

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

10

Confidence

High

EPSS

0.902

Percentile

98.8%