Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA12388
HistoryDec 14, 2021 - 12:00 a.m.

KLA12388 Multiple vulnerabilities in Microsoft Products (ESU)

2021-12-1400:00:00
Kaspersky Lab
threats.kaspersky.com
30

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.4 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.024 Low

EPSS

Percentile

89.7%

JSON

Detect date:

12/14/2021

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges.

Exploitation:

Public exploits exist for this vulnerability.

Affected products:

Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2012 R2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2021-43217
CVE-2021-43216
CVE-2021-43223
CVE-2021-43238
CVE-2021-43883
CVE-2021-43229
CVE-2021-43226
CVE-2021-43234
CVE-2021-43215
CVE-2021-43893
CVE-2021-43230
CVE-2021-43224
CVE-2021-43222
CVE-2021-43233
CVE-2021-43245
CVE-2021-40441
CVE-2021-41333
CVE-2021-43236
CVE-2021-43207
CVE-2021-43232
CVE-2021-43248

Impacts:

ACE

Related products:

Microsoft Windows

CVE-IDS:

CVE-2021-432179.8Critical
CVE-2021-432166.5High
CVE-2021-432237.8Critical
CVE-2021-432387.8Critical
CVE-2021-438837.8Critical
CVE-2021-432297.8Critical
CVE-2021-432267.8Critical
CVE-2021-432327.8Critical
CVE-2021-432347.8Critical
CVE-2021-432159.8Critical
CVE-2021-438937.5Critical
CVE-2021-432307.8Critical
CVE-2021-432245.5High
CVE-2021-432227.5Critical
CVE-2021-432337.5Critical
CVE-2021-432457.8Critical
CVE-2021-404417.8Critical
CVE-2021-432487.8Critical
CVE-2021-413337.8Critical
CVE-2021-432367.5Critical
CVE-2021-432077.8Critical

KB list:

5008263
5008277
5008285
5008255
5008274
5008244
5008282
5008271
5015875
5015863
5015877
5015874
5015862
5015861

Microsoft official advisories:

References

Related

nessus 11
openvas 7
mskb 21
kaspersky 1
qualysblog 1
avleonov 1
attackerkb 4
thn 1
malwarebytes 1
threatpost 1
rapid7blog 6
prion 21
cve 21
cnvd 4
mscve 21
checkpoint_advisories 5
githubexploit 3
zdi 2
krebs 1
nessus
nessus
KB5008255: Windows Server 2012 Security Update (December 2021)
2021-12-14 00:00:00
KB5008285: Windows 8.1 and Windows Server 2012 R2 Security Update (December 2021)
2021-12-14 00:00:00
KB5008282: Windows 7 and Windows Server 2008 R2 Security Update (December 2021)
2021-12-14 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB5008263)
2021-12-15 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5008244)
2021-12-15 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5008230)
2021-12-15 00:00:00
mskb
mskb
December 14, 2021—KB5008285 (Security-only update)
2021-12-14 08:00:00
December 14, 2021—KB5008277 (Monthly Rollup)
2021-12-14 08:00:00
December 14, 2021—KB5008274 (Monthly Rollup)
2021-12-14 08:00:00
kaspersky
kaspersky
KLA12387 Multiple vulnerabilities in Microsoft Windows
2021-12-14 00:00:00
qualysblog
qualysblog
Microsoft & Adobe Patch Tuesday (December 2021) – Microsoft 83 Vulnerabilities with 7 Critical, 1 Actively Exploited. Adobe 60 Vulnerabilities, 28 critical.
2021-12-14 22:08:33
avleonov
avleonov
Microsoft Patch Tuesday December 2021
2021-12-16 20:53:37
attackerkb
attackerkb
CVE-2021-43207
2021-12-15 00:00:00
CVE-2021-43226
2021-12-15 00:00:00
CVE-2021-36942
2021-08-12 00:00:00
thn
thn
Microsoft Issues Windows Update to Patch 0-Day Used to Spread Emotet Malware
2021-12-15 07:14:00
malwarebytes
malwarebytes
After Log4j, December’s Patch Tuesday has snuck up on us
2021-12-16 10:47:28
threatpost
threatpost
Actively Exploited Microsoft Zero-Day Allows App Spoofing, Malware Delivery
2021-12-14 22:21:35
rapid7blog
rapid7blog
Dropping Files on a Domain Controller Using CVE-2021-43893
2022-02-14 15:30:52
Patch Tuesday - December 2021
2021-12-14 22:12:53
Cloud Pentesting, Pt. 1: Breaking Down the Basics
2022-03-21 14:32:42
prion
prion
Information disclosure
2021-12-15 15:15:00
Information disclosure
2021-12-15 15:15:00
Privilege escalation
2021-12-15 15:15:00
cve
cve
CVE-2021-43230
2021-12-15 15:15:00
CVE-2021-43217
2021-12-15 15:15:00
CVE-2021-40441
2021-12-15 15:15:00
cnvd
cnvd
Microsoft Windows Media Center Elevation of Privilege Vulnerability
2021-12-19 00:00:00
Microsoft Windows Fax Service Remote Code Execution Vulnerability (CNVD-2021-101714)
2021-12-19 00:00:00
Microsoft Windows Event Tracing Remote Code Execution Vulnerability
2021-12-19 00:00:00
mscve
mscve
Windows Media Center Elevation of Privilege Vulnerability
2021-12-14 08:00:00
Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability
2021-12-14 08:00:00
Windows Encrypting File System (EFS) Remote Code Execution Vulnerability
2021-12-14 08:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows Installer Elevation of Privilege (CVE-2021-43883)
2021-12-14 00:00:00
Microsoft Windows Common Log File System Driver Elevation of Privilege (CVE-2021-43226)
2021-12-14 00:00:00
Microsoft Windows Common Log File System Driver Elevation of Privilege (CVE-2021-43207)
2021-12-14 00:00:00
githubexploit
githubexploit
Exploit for Vulnerability in Microsoft
2022-06-07 13:32:17
Exploit for Vulnerability in Microsoft
2021-12-21 01:51:41
Exploit for Vulnerability in Microsoft
2023-10-30 06:47:50
zdi
zdi
Microsoft Windows Print Spooler Link Following Privilege Escalation Vulnerability
2021-12-21 00:00:00
Microsoft Windows Remote Access Connection Manager Service Link Following Denial-of-Service Vulnerability
2022-01-06 00:00:00
krebs
krebs
Microsoft Patch Tuesday, December 2021 Edition
2021-12-14 22:23:44

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.4 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.024 Low

EPSS

Percentile

89.7%

JSON
Related for KLA12388
nessus11openvas7mskb21kaspersky1qualysblog1avleonov1attackerkb4thn1malwarebytes1threatpost1rapid7blog6prion21cve21cnvd4mscve21checkpoint_advisories5githubexploit3zdi2krebs1