Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA12457
HistoryFeb 08, 2022 - 12:00 a.m.

KLA12457 Multiple vulnerabilities in Microsoft Windows

2022-02-0800:00:00
Kaspersky Lab
threats.kaspersky.com
126

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.474 Medium

EPSS

Percentile

97.4%

JSON

Detect date:

02/08/2022

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code, cause denial of service.

Exploitation:

Public exploits exist for this vulnerability.

Affected products:

Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 11 for ARM64-based Systems
Windows Server 2019 (Server Core installation)
Windows Server 2016 (Server Core installation)
Windows 10 Version 21H2 for ARM64-based Systems
Windows Server 2016
Windows 10 for 32-bit Systems
Windows 8.1 for x64-based systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2012
Windows Server, version 20H2 (Server Core Installation)
Windows Server 2022 (Server Core installation)
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 1909 for 32-bit Systems
Windows Server 2019
Windows RT 8.1
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2012 R2
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows 10 Version 1607 for x64-based Systems
Windows 10 for x64-based Systems
Windows Server 2012 (Server Core installation)
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2022
Windows 10 Version 20H2 for ARM64-based Systems
Windows 8.1 for 32-bit systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2022 Azure Edition Core Hotpatch
Windows 7 for 32-bit Systems Service Pack 1
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2012 R2 (Server Core installation)
Windows 11 for x64-based Systems

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2022-22717
CVE-2022-21998
CVE-2022-22718
CVE-2022-21926
CVE-2022-22001
CVE-2022-21981
CVE-2022-22715
CVE-2022-21995
CVE-2022-22710
CVE-2022-21994
CVE-2022-21927
CVE-2022-22002
CVE-2022-21997
CVE-2022-21996
CVE-2022-21992
CVE-2022-21985
CVE-2022-22712
CVE-2022-21971
CVE-2022-21844
CVE-2022-21984
CVE-2022-21999
CVE-2022-21993
CVE-2022-21989
CVE-2022-22709
CVE-2022-22000
CVE-2022-21974

Impacts:

ACE

Related products:

Microsoft Windows

CVE-IDS:

CVE-2022-227177.0High
CVE-2022-219985.5High
CVE-2022-227187.8Critical
CVE-2022-219267.8Critical
CVE-2022-220017.8Critical
CVE-2022-219817.8Critical
CVE-2022-227157.8Critical
CVE-2022-219957.9Critical
CVE-2022-227105.5High
CVE-2022-219947.8Critical
CVE-2022-219747.8Critical
CVE-2022-219277.8Critical
CVE-2022-220025.5High
CVE-2022-219977.1High
CVE-2022-219967.8Critical
CVE-2022-219927.8Critical
CVE-2022-219855.5High
CVE-2022-227125.6High
CVE-2022-219717.8Critical
CVE-2022-218447.8Critical
CVE-2022-219848.8Critical
CVE-2022-219997.8Critical
CVE-2022-219937.5Critical
CVE-2022-219897.8Critical
CVE-2022-227097.8Critical
CVE-2022-220007.8Critical

KB list:

5010419
5010395
5010358
5010359
5010392
5010412
5010351
5010342
5010345
5010354
5010386
5010456

Microsoft official advisories:

References

Related

nessus 12
mskb 16
openvas 7
kaspersky 1
avleonov 1
thn 3
zdt 1
rapid7blog 3
metasploit 1
packetstorm 1
threatpost 1
qualysblog 1
mscve 26
krebs 1
prion 26
checkpoint_advisories 7
cve 26
githubexploit 5
attackerkb 3
veracode 1
cisa_kev 3
zdi 1
hivepro 1
alpinelinux 1
malwarebytes 3
nessus
nessus
KB5010386: Windows 11 Security Update (February 2022)
2022-02-08 00:00:00
KB5010354: Windows Server 2022 Security Update (February 2022)
2022-02-08 00:00:00
KB5010345: Windows 10 version 1909 Security Update (February 2022)
2022-02-08 00:00:00
mskb
mskb
February 8, 2022— KB5010456 (OS Build 20348.525)
2022-02-08 08:00:00
February 8, 2022—KB5010354 (OS Build 20348.524)
2022-02-08 08:00:00
February 8, 2022—KB5010342 (OS Builds 19042.1526, 19043.1526, and 19044.1526)
2022-02-08 08:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB5010345)
2022-02-09 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5010386)
2023-08-07 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5010351)
2022-02-09 00:00:00
kaspersky
kaspersky
KLA12458 Multiple vulnerabilities in Microsoft Products (ESU)
2022-02-08 00:00:00
avleonov
avleonov
Microsoft Patch Tuesday February 2022
2022-02-28 20:52:10
thn
thn
Microsoft and Other Major Software Firms Release February 2022 Patch Updates
2022-02-09 06:40:00
Hackers Exploiting Recently Reported Windows Print Spooler Vulnerability in the Wild
2022-04-20 02:54:00
CISA Adds 7 New Actively Exploited Vulnerabilities to Catalog
2022-08-20 14:19:00
zdt
zdt
Windows SpoolFool Privilege Escalation Exploit
2022-03-17 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - February 2022
2022-02-08 20:43:40
Metasploit Weekly Wrap-Up
2022-03-18 17:38:38
Announcing Metasploit 6.2
2022-06-09 16:39:00
metasploit
metasploit
CVE-2022-21999 SpoolFool Privesc
2022-03-10 23:02:58
packetstorm
packetstorm
Windows SpoolFool Privilege Escalation
2022-03-16 00:00:00
threatpost
threatpost
No Critical Bugs for Microsoft February 2022 Patch Tuesday, 1 Zero-Day
2022-02-08 20:24:17
qualysblog
qualysblog
Microsoft & Adobe Patch Tuesday (February 2022) – Microsoft 70 Vulnerabilities with 0 Critical; Adobe 17 Vulnerabilities with 5 Critical
2022-02-08 22:35:12
mscve
mscve
HEVC Video Extensions Remote Code Execution Vulnerability
2022-02-08 08:00:00
VP9 Video Extensions Remote Code Execution Vulnerability
2022-02-08 08:00:00
HEVC Video Extensions Remote Code Execution Vulnerability
2022-02-08 08:00:00
krebs
krebs
Microsoft Patch Tuesday, February 2022 Edition
2022-02-08 22:38:16
prion
prion
Remote code execution
2022-02-09 17:15:00
Remote code execution
2022-02-09 17:15:00
Remote code execution
2022-02-09 17:15:00
checkpoint_advisories
checkpoint_advisories
Microsoft Named Pipe File System Elevation of Privilege (CVE-2022-22715)
2022-02-08 00:00:00
Microsoft Windows DWM Core Library Elevation of Privilege (CVE-2022-21994)
2022-02-08 00:00:00
Microsoft Windows Print Spooler Elevation of Privilege (CVE-2022-22718)
2022-02-08 00:00:00
cve
cve
CVE-2022-21926
2022-02-09 17:15:00
CVE-2022-22709
2022-02-09 17:15:00
CVE-2022-21927
2022-02-09 17:15:00
githubexploit
githubexploit
Exploit for Vulnerability in Microsoft
2022-05-22 13:20:39
Exploit for Access of Uninitialized Pointer in Microsoft
2022-04-15 09:14:22
Exploit for Vulnerability in Microsoft
2022-02-26 18:53:56
attackerkb
attackerkb
CVE-2022-22718
2022-02-09 00:00:00
CVE-2022-21971
2022-02-09 00:00:00
CVE-2022-21999
2022-02-09 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-07-06 17:44:09
cisa_kev
cisa_kev
Microsoft Windows Print Spooler Privilege Escalation Vulnerability
2022-04-19 00:00:00
Microsoft Windows Runtime Remote Code Execution Vulnerability
2022-08-18 00:00:00
Microsoft Windows Print Spooler Privilege Escalation Vulnerability
2022-03-25 00:00:00
zdi
zdi
Microsoft Windows User Profile Picture Link Following Denial-of-Service Vulnerability
2022-02-11 00:00:00
hivepro
hivepro
Microsoft Patch Tuesday addresses a zero-day vulnerability in Windows Kernel
2022-02-09 13:44:33
alpinelinux
alpinelinux
CVE-2022-22710
2022-02-09 17:15:00
malwarebytes
malwarebytes
Update now! Firefox and Adobe updates are more critical than Microsoft’s
2022-02-09 12:10:20
Vulnerabilities in GPS tracker could have “life-threatening” implications
2022-07-21 09:57:08
CISA wants you to patch these actively exploited vulnerabilities before September 8
2022-08-22 15:00:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.474 Medium

EPSS

Percentile

97.4%

JSON
Related for KLA12457
nessus12mskb16openvas7kaspersky1avleonov1thn3zdt1rapid7blog3metasploit1packetstorm1threatpost1qualysblog1mscve26krebs1prion26checkpoint_advisories7cve26githubexploit5attackerkb3veracode1cisa_kev3zdi1hivepro1alpinelinux1malwarebytes3