Lucene search

K
kasperskyKaspersky LabKLA12037
HistoryJan 12, 2021 - 12:00 a.m.

KLA12037 Security vulnerability in Microsoft Apps

2021-01-1200:00:00
Kaspersky Lab
threats.kaspersky.com
7

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.4 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

45.5%

Detect date:

01/12/2021

Severity:

High

Description:

A security bypass vulnerability was found in Microsoft Apps. Malicious users can exploit this vulnerability to bypass security restrictions.

Affected products:

Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows Server, version 2004 (Server Core installation)
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1803 for 32-bit Systems
Microsoft Remote Desktop for Android
Windows 10 Version 1909 for 32-bit Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows Server 2019
Windows 10 Version 2004 for x64-based Systems
Windows Server, version 1909 (Server Core installation)
Windows Server 2016
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows Server 2016 (Server Core installation)
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 for x64-based Systems
Microsoft Remote Desktop
Remote Desktop client for Windows Desktop
Windows 10 Version 1909 for x64-based Systems

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2021-1669

Impacts:

SB

Related products:

Microsoft Windows

CVE-IDS:

CVE-2021-16698.8Critical

Microsoft official advisories:

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.4 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

45.5%