Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA12341
HistoryNov 09, 2021 - 12:00 a.m.

KLA12341 Multiple vulnerabilities in Microsoft Products (ESU)

2021-11-0900:00:00
Kaspersky Lab
threats.kaspersky.com
32

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.064

Percentile

93.8%

JSON

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code, cause denial of service.

Below is a complete list of vulnerabilities:

  1. An elevation of privilege vulnerability in Active Directory Domain Services can be exploited remotely to gain privileges.
  2. An elevation of privilege vulnerability in NTFS can be exploited remotely to gain privileges.
  3. An information disclosure vulnerability in Windows Remote Desktop Protocol (RDP) can be exploited remotely to obtain sensitive information.
  4. An information disclosure vulnerability in Remote Desktop Protocol Client can be exploited remotely to obtain sensitive information.
  5. A remote code execution vulnerability in Remote Desktop Client can be exploited remotely to execute arbitrary code.
  6. An elevation of privilege vulnerability in Windows Fast FAT File System Driver can be exploited remotely to gain privileges.
  7. An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges.
  8. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
  9. A remote code execution vulnerability in Microsoft COM for Windows can be exploited remotely to execute arbitrary code.
  10. An elevation of privilege vulnerability in Credential Security Support Provider Protocol (CredSSP) can be exploited remotely to gain privileges.
  11. A denial of service vulnerability in Windows Hyper-V can be exploited remotely to cause denial of service.

Original advisories

CVE-2021-42282

CVE-2021-41367

CVE-2021-41371

CVE-2021-38665

CVE-2021-38666

CVE-2021-42291

CVE-2021-42278

CVE-2021-41377

CVE-2021-41379

CVE-2021-42285

CVE-2021-42283

CVE-2021-42275

CVE-2021-38631

CVE-2021-41370

CVE-2021-42287

CVE-2021-41366

CVE-2021-42284

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-Windows

Microsoft-Windows-Server

Microsoft-Windows-Server-2012

Microsoft-Windows-7

Microsoft-Windows-Server-2008

CVE list

CVE-2021-42282 high

CVE-2021-41367 warning

CVE-2021-41371 warning

CVE-2021-38665 warning

CVE-2021-38666 high

CVE-2021-42291 high

CVE-2021-42278 high

CVE-2021-41377 warning

CVE-2021-41379 warning

CVE-2021-42285 high

CVE-2021-42283 warning

CVE-2021-42275 high

CVE-2021-38631 warning

CVE-2021-41370 warning

CVE-2021-42287 high

CVE-2021-42284 high

CVE-2021-41366 warning

KB list

5007233

5007236

5007263

5007246

5007260

5007255

5007245

5007247

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

  • Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows 7 for x64-based Systems Service Pack 1Windows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2008 for x64-based Systems Service Pack 2Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Windows Server 2008 for 32-bit Systems Service Pack 2Windows Server 2012Windows 7 for 32-bit Systems Service Pack 1Windows Server 2008 R2 for x64-based Systems Service Pack 1

References

Related

mskb 15
nessus 11
openvas 7
kaspersky 1
thn 5
threatpost 4
kitploit 1
pentestpartners 1
checkpoint_advisories 2
krebs 2
githubexploit 1
nvd 17
prion 17
ics 1
mscve 17
cisa_kev 3
cve 17
cvelist 17
zdi 1
attackerkb 4
altlinux 2
cnvd 2
malwarebytes 3
hivepro 2
qualysblog 1
rapid7blog 3
avleonov 1
mskb
mskb
November 9, 2021—KB5007247 (Monthly Rollup)
2021-11-09 08:00:00
November 9, 2021—KB5007255 (Security-only update)
2021-11-09 08:00:00
November 9, 2021—KB5007233 (Security-only update)
2021-11-09 08:00:00
nessus
nessus
KB5007255: Windows 8.1 and Windows Server 2012 R2 Security Update (November 2021)
2021-11-09 00:00:00
KB5007233: Windows 7 and Windows Server 2008 R2 Security Update (November 2021)
2021-11-09 00:00:00
KB5007245: Windows Server 2012 Security Update (November 2021)
2021-11-09 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB5007247)
2021-11-10 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5007236)
2021-11-10 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5007207)
2021-11-10 00:00:00
kaspersky
kaspersky
KLA12345 Multiple vulnerabilities in Microsoft Windows
2021-11-09 00:00:00
thn
thn
Active Directory Bugs Could Let hackers Take Over Windows Domain Controllers
2021-12-22 07:01:00
Microsoft Issues Patches for Actively Exploited Excel, Exchange Server 0-Day Bugs
2021-11-10 06:24:00
Black Basta Ransomware Strikes 500+ Entities Across North America, Europe, and Australia
2024-05-13 10:01:00
threatpost
threatpost
Two Active Directory Bugs Lead to Easy Windows Domain Takeover
2021-12-21 16:46:02
Microsoft Nov. Patch Tuesday Fixes Six Zero-Days, 55 Bugs
2021-11-09 21:41:49
Attackers Actively Target Windows Installer Zero-Day
2021-11-24 14:09:18
kitploit
kitploit
noPac - Exploiting CVE-2021-42278 And CVE-2021-42287 To Impersonate DA From Standard Domain User
2022-09-06 12:30:00
pentestpartners
pentestpartners
A broken marriage. Abusing mixed vendor Kerberos stacks
2023-08-25 05:35:47
checkpoint_advisories
checkpoint_advisories
Microsoft Windows Active Directory Privilege Escalation Multiple Vulnerabilities (CVE-2021-42278; CVE-2021-42287)
2022-04-27 00:00:00
Microsoft Remote Desktop Client Remote Code Execution (CVE-2021-38666)
2021-11-09 00:00:00
krebs
krebs
Microsoft Patch Tuesday, November 2021 Edition
2021-11-09 20:39:07
Microsoft Patch Tuesday, December 2021 Edition
2021-12-14 22:23:44
githubexploit
githubexploit
Exploit for Deserialization of Untrusted Data in Apache Log4J
2022-01-13 21:16:26
nvd
nvd
CVE-2021-42291
2021-11-10 01:19:46
CVE-2021-41370
2021-11-10 01:19:30
CVE-2021-41377
2021-11-10 01:19:31
prion
prion
Privilege escalation
2021-11-10 01:19:00
Privilege escalation
2021-11-10 01:19:00
Information disclosure
2021-11-10 01:19:00
ics
ics
#StopRansomware: Black Basta
2024-05-10 12:00:00
mscve
mscve
Windows Hyper-V Denial of Service Vulnerability
2021-11-09 08:00:00
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
2021-11-09 08:00:00
Remote Desktop Protocol Client Information Disclosure Vulnerability
2021-11-09 08:00:00
cisa_kev
cisa_kev
Microsoft Active Directory Domain Services Privilege Escalation Vulnerability
2022-04-11 00:00:00
Microsoft Windows Installer Privilege Escalation Vulnerability
2022-03-03 00:00:00
Microsoft Active Directory Domain Services Privilege Escalation Vulnerability
2022-04-11 00:00:00
cve
cve
CVE-2021-42278
2021-11-10 01:19:44
CVE-2021-42285
2021-11-10 01:19:45
CVE-2021-38631
2021-11-10 01:18:34
cvelist
cvelist
CVE-2021-42287 Active Directory Domain Services Elevation of Privilege Vulnerability
2021-11-10 00:47:20
CVE-2021-42285 Windows Kernel Elevation of Privilege Vulnerability
2021-11-10 00:47:17
CVE-2021-42284 Windows Hyper-V Denial of Service Vulnerability
2021-11-10 00:47:16
zdi
zdi
Microsoft Windows Installer Service Link Following Privilege Escalation Vulnerability
2021-11-11 00:00:00
attackerkb
attackerkb
CVE-2021-42278
2021-11-10 00:00:00
CVE-2021-42291
2021-11-10 00:00:00
CVE-2021-42287
2021-11-10 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package adcli version 0.9.2-alt1
2023-04-21 00:00:00
Security fix for the ALT Linux 10 package samba version 4.16.4-alt2
2022-09-08 00:00:00
cnvd
cnvd
Microsoft Windows COM Remote Code Execution Vulnerability
2021-11-12 00:00:00
Microsoft Windows Active Directory Elevation of Privilege Vulnerability
2021-11-12 00:00:00
malwarebytes
malwarebytes
Windows Installer vulnerability becomes actively exploited zero-day
2021-11-24 14:21:50
CISA list of 95 new known exploited vulnerabilities raises questions
2022-03-14 11:18:33
[updated] Patch now! Microsoft plugs actively exploited zero-days and other updates
2021-11-10 14:30:23
hivepro
hivepro
Microsoft could not patch this vulnerability
2021-11-23 10:56:28
Microsoft’s Patch Tuesday Security Updates for November
2021-11-10 11:20:36
qualysblog
qualysblog
Microsoft & Adobe Patch Tuesday (November 2021) – Microsoft 55 Vulnerabilities with 6 Critical, 6 Zero-Days. Adobe 4 Vulnerabilities
2021-11-11 01:07:53
rapid7blog
rapid7blog
Ongoing Exploitation of Windows Installer CVE-2021-41379
2021-11-30 19:03:28
Dropping Files on a Domain Controller Using CVE-2021-43893
2022-02-14 15:30:52
Patch Tuesday - December 2021
2021-12-14 22:12:53
avleonov
avleonov
Vulristics Command Line Interface, improved Product & Vuln. Type Detections and Microsoft Patch Tuesday November 2021
2021-11-30 20:30:48

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.064

Percentile

93.8%

JSON
Related for KLA12341
mskb15nessus11openvas7kaspersky1thn5threatpost4kitploit1pentestpartners1checkpoint_advisories2krebs2githubexploit1nvd17prion17ics1mscve17cisa_kev3cve17cvelist17zdi1attackerkb4altlinux2cnvd2malwarebytes3hivepro2qualysblog1rapid7blog3avleonov1