History: Nov 09, 2021 - 12:00 a.m.

KLA12345 Multiple vulnerabilities in Microsoft Windows

2021-11-09 00:00:00
Kaspersky Lab
threats.kaspersky.com

CVSS3: 9 High

Attack Vector: ADJACENT_NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score: 8.9 High (Confidence: High)

CVSS2: 7.7 High

Access Vector: ADJACENT_NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:A/AC:L/Au:S/C:C/I:C/A:C

EPSS: 0.908 High (Percentile: 98.8%)

Detect date:

11/09/2021

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code, bypass security restrictions, and cause denial of service.

Exploitation:

Public exploits exist for this vulnerability.

Affected products:

Windows 10 Version 1607 for x64-based Systems
Windows Server 2016
Windows 8.1 for 32-bit systems
Windows 10 Version 20H2 for 32-bit Systems
Windows Server 2022
Windows Server 2019
Windows Server, version 2004 (Server Core installation)
Windows 10 for x64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 2004 for 32-bit Systems
Windows RT 8.1
Windows 10 Version 21H1 for ARM64-based Systems
Windows Server 2019 (Server Core installation)
Windows Server 2022 (Server Core installation)
Windows 10 Version 21H1 for 32-bit Systems
Windows 8.1 for x64-based systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1607 for 32-bit Systems
Windows Server, version 20H2 (Server Core Installation)
Windows Server 2016 (Server Core installation)
Windows 10 Version 2004 for x64-based Systems
Windows 10 Version 2004 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Remote Desktop client for Windows Desktop

Solution:

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Original advisories:

CVE-2021-42282
CVE-2021-41367
CVE-2021-41371
CVE-2021-38665
CVE-2021-38666
CVE-2021-42291
CVE-2021-42278
CVE-2021-41377
CVE-2021-41379
CVE-2021-42285
CVE-2021-42283
CVE-2021-42275
CVE-2021-38631
CVE-2021-41370
CVE-2021-42287
CVE-2021-26443
CVE-2021-42280
CVE-2021-42288
CVE-2021-42276
CVE-2021-36957
CVE-2021-42279
CVE-2021-42284
CVE-2021-42286
CVE-2021-42274
CVE-2021-42277
CVE-2021-41378
CVE-2021-41356
CVE-2021-41366

Impacts:

ACE

Related products:

Microsoft Windows

CVE-IDS:

CVE-2021-42282  6.5  High
CVE-2021-41367  4.6  Warning
CVE-2021-41371  2.1  Warning
CVE-2021-38665  4.3  Warning
CVE-2021-38666  6.8  High
CVE-2021-42291  6.5  High
CVE-2021-42278  6.5  High
CVE-2021-41377  4.6  Warning
CVE-2021-41379  4.6  Warning
CVE-2021-42285  7.2  High
CVE-2021-42283  4.6  Warning
CVE-2021-42275  6.5  High
CVE-2021-38631  2.1  Warning
CVE-2021-41370  4.6  Warning
CVE-2021-42287  6.5  High
CVE-2021-26443  7.7  Critical
CVE-2021-42280  4.6  Warning
CVE-2021-42288  3.6  Warning
CVE-2021-42276  6.8  High
CVE-2021-36957  4.6  Warning
CVE-2021-42279  5.1  High
CVE-2021-42284  7.1  High
CVE-2021-42286  4.6  Warning
CVE-2021-42274  2.1  Warning
CVE-2021-42277  4.6  Warning
CVE-2021-41378  6.5  High
CVE-2021-41356  5.0  Warning
CVE-2021-41366  4.6  Warning

KB list:

5007255
5007206
5007207
5007186
5007192
5007215
5007205
5007247
5007189
