Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA12111
HistoryMar 09, 2021 - 12:00 a.m.

KLA12111 Multiple vulnerabilities in Microsoft Windows

2021-03-0900:00:00
Kaspersky Lab
threats.kaspersky.com
40

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.893 High

EPSS

Percentile

98.7%

JSON

Detect date:

03/09/2021

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, cause denial of service, bypass security restrictions, obtain sensitive information.

Exploitation:

Public exploits exist for this vulnerability.

Affected products:

Windows Server 2012 R2
Windows Server, version 1909 (Server Core installation)
Windows 7 for 32-bit Systems Service Pack 1
Windows 10 Version 2004 for x64-based Systems
Windows RT 8.1
Windows 10 Version 1909 for ARM64-based Systems
Windows Admin Center
Windows 10 Version 20H2 for x64-based Systems
HEVC Video Extensions
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server, version 2004 (Server Core installation)
Windows Server 2016 (Server Core installation)
Windows 10 Version 2004 for ARM64-based Systems
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2016
Windows 10 for 32-bit Systems
Windows 10 Version 1803 for x64-based Systems
Windows 8.1 for 32-bit systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2019
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 8.1 for x64-based systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows 10 Version 2004 for 32-bit Systems
Windows 10 Version 1803 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows 10 for x64-based Systems
Windows Server 2012
Windows Server, version 20H2 (Server Core Installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows 10 Version 20H2 for ARM64-based Systems
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 (Server Core installation)

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2021-26899
CVE-2021-26876
CVE-2021-1729
CVE-2021-26875
CVE-2021-27048
CVE-2021-26866
CVE-2021-26902
CVE-2021-26886
CVE-2021-27066
CVE-2021-27063
CVE-2021-27050
CVE-2021-26889
CVE-2021-26890
CVE-2021-26895
CVE-2021-26885
CVE-2021-24107
CVE-2021-26892
CVE-2021-24090
CVE-2021-24110
CVE-2021-24095
CVE-2021-26887
CVE-2021-24089
CVE-2021-26878
CVE-2021-27077
CVE-2021-26894
CVE-2021-26884
CVE-2021-26898
CVE-2021-26864
CVE-2021-27061
CVE-2021-26865
CVE-2021-26891
CVE-2021-26893
CVE-2021-26896
CVE-2021-26867
CVE-2021-27049
CVE-2021-27070
CVE-2021-26869
CVE-2021-26868
CVE-2021-26877
CVE-2021-1640
CVE-2021-27062
CVE-2021-26880
CVE-2021-26879
CVE-2021-26870
CVE-2021-26897
CVE-2021-26872
CVE-2021-26861
CVE-2021-26901
CVE-2021-27047
CVE-2021-26881
CVE-2021-26900
CVE-2021-27051
CVE-2021-26882
CVE-2021-26871
CVE-2021-26860
CVE-2021-26863
CVE-2021-26862
CVE-2021-26874
CVE-2021-26873

Impacts:

ACE

Related products:

Microsoft Windows

CVE-IDS:

CVE-2021-268997.8Critical
CVE-2021-268768.8Critical
CVE-2021-17297.1High
CVE-2021-268757.8Critical
CVE-2021-270487.8Critical
CVE-2021-268667.1High
CVE-2021-269027.8Critical
CVE-2021-268866.1High
CVE-2021-270664.3Warning
CVE-2021-270637.5Critical
CVE-2021-270507.8Critical
CVE-2021-268897.8Critical
CVE-2021-268907.8Critical
CVE-2021-268959.8Critical
CVE-2021-268857.8Critical
CVE-2021-241075.5High
CVE-2021-268926.2High
CVE-2021-240907.8Critical
CVE-2021-241107.8Critical
CVE-2021-240957.0High
CVE-2021-268877.8Critical
CVE-2021-240897.8Critical
CVE-2021-268787.8Critical
CVE-2021-270777.8Critical
CVE-2021-268949.8Critical
CVE-2021-268845.5High
CVE-2021-268987.8Critical
CVE-2021-268648.4Critical
CVE-2021-270617.8Critical
CVE-2021-268658.8Critical
CVE-2021-268917.8Critical
CVE-2021-268939.8Critical
CVE-2021-268967.5Critical
CVE-2021-268679.9Critical
CVE-2021-270497.8Critical
CVE-2021-270707.3High
CVE-2021-268695.5High
CVE-2021-268687.8Critical
CVE-2021-268779.8Critical
CVE-2021-16407.8Critical
CVE-2021-270627.8Critical
CVE-2021-268807.8Critical
CVE-2021-268797.5Critical
CVE-2021-268707.8Critical
CVE-2021-268979.8Critical
CVE-2021-268727.8Critical
CVE-2021-268617.8Critical
CVE-2021-269017.8Critical
CVE-2021-270477.8Critical
CVE-2021-268817.5Critical
CVE-2021-269007.8Critical
CVE-2021-270517.8Critical
CVE-2021-268827.8Critical
CVE-2021-268717.8Critical
CVE-2021-268607.8Critical
CVE-2021-268637.0High
CVE-2021-268627.0High
CVE-2021-268747.8Critical
CVE-2021-268737.0High

KB list:

5000809
5000822
5000847
5000808
5000803
5000807
5000848
5000802
5000853
5000840

Microsoft official advisories:

References

Related

nessus 12
mskb 14
openvas 3
kaspersky 1
trellix 2
attackerkb 4
rapid7blog 1
googleprojectzero 1
prion 45
mscve 47
cve 45
cnvd 8
githubexploit 1
zdi 9
checkpoint_advisories 4
threatpost 1
packetstorm 1
nessus
nessus
KB5000802: Windows Security Update (March 2021)
2021-03-09 00:00:00
KB5000808: Windows 10 Version 1909 March 2021 Security Update
2021-03-09 00:00:00
KB5000803: Windows Security Update (March 2021)
2021-03-09 00:00:00
mskb
mskb
March 9, 2021—KB5000802 (OS Builds 19041.867 and 19042.867)
2021-03-09 08:00:00
March 9, 2021—KB5000808 (OS Build 18363.1440)
2021-03-09 08:00:00
March 9, 2021—KB5000803 (OS Build 14393.4283) - EXPIRED
2021-03-09 08:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB5000802)
2021-03-10 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5000847)
2021-03-10 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5000807)
2021-03-10 00:00:00
kaspersky
kaspersky
KLA12112 Multiple vulnerabilities in Microsoft Products (ESU)
2021-03-09 00:00:00
trellix
trellix
Seven Windows Wonders – Critical Vulnerabilities in DNS Dynamic Updates
2021-03-09 00:00:00
Seven Windows Wonders – Critical Vulnerabilities in DNS Dynamic Updates
2021-03-09 00:00:00
attackerkb
attackerkb
CVE-2021-26897
2021-03-11 00:00:00
CVE-2021-27077
2021-03-11 00:00:00
CVE-2021-26899
2021-03-11 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - March 2021
2021-03-09 22:13:03
googleprojectzero
googleprojectzero
Who Contains the Containers?
2021-04-01 00:00:00
prion
prion
Remote code execution
2021-03-11 16:15:00
Remote code execution
2021-03-11 16:15:00
Remote code execution
2021-03-11 16:15:00
mscve
mscve
HEVC Video Extensions Remote Code Execution Vulnerability
2021-03-09 08:00:00
Windows 10 Update Assistant Elevation of Privilege Vulnerability
2021-03-09 08:00:00
HEVC Video Extensions Remote Code Execution Vulnerability
2021-03-09 08:00:00
cve
cve
CVE-2021-27066
2021-03-11 16:15:00
CVE-2021-26902
2021-03-11 16:15:00
CVE-2021-27047
2021-03-11 16:15:00
cnvd
cnvd
Microsoft HEVC Video Extensions Remote Code Execution Vulnerability (CNVD-2021-70138)
2021-03-10 00:00:00
Microsoft Windows Error Reporting Elevation of Privilege Vulnerability (CNVD-2023-02195)
2021-03-10 00:00:00
Microsoft HEVC Video Extensions Remote Code Execution Vulnerability (CNVD-2021-70136)
2021-03-10 00:00:00
githubexploit
githubexploit
Exploit for Vulnerability in Microsoft
2021-03-25 02:38:08
zdi
zdi
Microsoft Windows Setup Directory Junction Privilege Escalation Vulnerability
2021-03-17 00:00:00
Microsoft Windows Update Assistant Improper Access Control Privilege Escalation Vulnerability
2021-03-17 00:00:00
Microsoft Windows CInteractionTrackerMarshaler Use-After-Free Privilege Escalation Vulnerability
2021-03-17 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Win32k Elevation of Privilege (CVE-2021-26863)
2021-03-09 00:00:00
Microsoft Windows DNS Server Remote Code Execution (CVE-2021-26897)
2021-03-09 00:00:00
Microsoft Windows Graphics Component Elevation of Privilege (CVE-2021-26868)
2021-03-09 00:00:00
threatpost
threatpost
Microsoft Patch Tuesday Updates Fix 14 Critical Bugs
2021-03-09 22:12:56
packetstorm
packetstorm
Microsoft Windows Containers Privilege Escalation
2021-03-10 00:00:00

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.893 High

EPSS

Percentile

98.7%

JSON
Related for KLA12111
nessus12mskb14openvas3kaspersky1trellix2attackerkb4rapid7blog1googleprojectzero1prion45mscve47cve45cnvd8githubexploit1zdi9checkpoint_advisories4threatpost1packetstorm1