Kaspersky LabKLA12282KLA12282 RCE vulnerability in Microsoft Products (ESU)
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.035 Low
EPSS
Percentile
91.4%
Detect date:
08/11/2021
Severity:
Warning
Description:
A remote code execution vulnerability was found in Microsoft Products (Extended Security Update). Malicious users can exploit this vulnerability to execute arbitrary code.
Affected products:
Windows Print Spooler
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
Impacts:
ACE
Related products:
KB list:
5005633
5005606
5005615
5005618
Microsoft official advisories:
References
support.microsoft.com/kb/5005606
support.microsoft.com/kb/5005615
support.microsoft.com/kb/5005618
support.microsoft.com/kb/5005633
nvd.nist.gov/vuln/detail/CVE-2021-36958
portal.msrc.microsoft.com/en-us/security-guidance
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/Windows-Print-Spooler/
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.035 Low
EPSS
Percentile
91.4%