KLA12431 RCE vulnerability in Microsoft Windows

Detect date:

01/21/2022

Severity:

High

Description:

Remote code execution vulnerability was found in Microsoft Windows. Malicious users can exploit this vulnerability to execute arbitrary code.

Exploitation:

Public exploits exist for this vulnerability.

Affected products:

Windows Server 2022
Windows 10 Version 1809 for ARM64-based Systems
Windows 11 for ARM64-based Systems
Windows Server 2012
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows Server 2019
Windows Server 2016
Windows 10 Version 21H1 for x64-based Systems
Windows 8.1 for 32-bit systems
Windows 10 Version 21H1 for 32-bit Systems
Windows Server 2012 R2
Windows 8.1 for x64-based systems
Windows 10 Version 20H2 for x64-based Systems
Windows 11 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 1909 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows RT 8.1

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2013-3900

Impacts:

ACE

Related products:

Microsoft Windows

CVE-IDS:

CVE-2013-39007.6Critical

Microsoft official advisories: