Lucene search

K
kasperskyKaspersky LabKLA12502
HistoryApr 12, 2022 - 12:00 a.m.

KLA12502 Multiple vulnerabilities in Microsoft Windows

2022-04-1200:00:00
Kaspersky Lab
threats.kaspersky.com
59

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.023 Low

EPSS

Percentile

89.8%

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, cause denial of service, obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. An elevation of privilege vulnerability in Connected User Experiences and Telemetry can be exploited remotely to gain privileges.
  2. A remote code execution vulnerability in Windows Hyper-V can be exploited remotely to execute arbitrary code.
  3. A denial of service vulnerability in Windows Cluster Shared Volume (CSV) can be exploited remotely to cause denial of service.
  4. A remote code execution vulnerability in Windows Fax Compose Form can be exploited remotely to execute arbitrary code.
  5. An information disclosure vulnerability in Windows Hyper-V Shared Virtual Hard Disks can be exploited remotely to obtain sensitive information.
  6. An elevation of privilege vulnerability in Windows Print Spooler can be exploited remotely to gain privileges.
  7. An elevation of privilege vulnerability in PowerShell can be exploited remotely to gain privileges.
  8. A remote code execution vulnerability in Win32 File Enumeration can be exploited remotely to execute arbitrary code.
  9. A remote code execution vulnerability in Windows DNS Server can be exploited remotely to execute arbitrary code.
  10. An elevation of privilege vulnerability in Cluster Client Failover (CCF) can be exploited remotely to gain privileges.
  11. Information disclosure vulnerability in Windows iSCSI Target Service can be exploited to obtain sensitive information.
  12. An information disclosure vulnerability in Windows Graphics Component can be exploited remotely to obtain sensitive information.
  13. A remote code execution vulnerability in Remote Desktop Protocol can be exploited remotely to execute arbitrary code.
  14. A remote code execution vulnerability in Windows Graphics Component can be exploited remotely to execute arbitrary code.
  15. A denial of service vulnerability in Windows Cluster Shared Volume (CSV) can be exploited remotely to cause denial of service.
  16. An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely to gain privileges.
  17. A remote code execution vulnerability in Windows SMB can be exploited remotely to execute arbitrary code.
  18. A remote code execution vulnerability in Windows Server Service can be exploited remotely to execute arbitrary code.
  19. A remote code execution vulnerability in Windows Kerberos can be exploited remotely to execute arbitrary code.
  20. A remote code execution vulnerability in Windows Network File System can be exploited remotely to execute arbitrary code.
  21. A denial of service vulnerability in Windows Hyper-V can be exploited remotely to cause denial of service.
  22. An elevation of privilege vulnerability in Windows AppX Package Manager can be exploited remotely to gain privileges.
  23. A remote code execution vulnerability in Windows Upgrade Assistant can be exploited remotely to execute arbitrary code.
  24. A remote code execution vulnerability in Windows Stream Enumeration can be exploited remotely to execute arbitrary code.
  25. A denial of service vulnerability in Windows Secure Channel can be exploited remotely to cause denial of service.
  26. A remote code execution vulnerability in Win32 Stream Enumeration can be exploited remotely to execute arbitrary code.
  27. An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges.
  28. A denial of service vulnerability in Windows LDAP can be exploited remotely to cause denial of service.
  29. An elevation of privilege vulnerability in Windows Win32k can be exploited remotely to gain privileges.
  30. A remote code execution vulnerability in Remote Procedure Call Runtime can be exploited remotely to execute arbitrary code.
  31. An elevation of privilege vulnerability in Windows Bluetooth Driver can be exploited remotely to gain privileges.
  32. An elevation of privilege vulnerability in Windows File Server Resource Management Service can be exploited remotely to gain privileges.
  33. A remote code execution vulnerability in Windows Local Security Authority (LSA) can be exploited remotely to execute arbitrary code.
  34. A remote code execution vulnerability in DiskUsage.exe can be exploited remotely to execute arbitrary code.
  35. An elevation of privilege vulnerability in Windows Desktop Bridge can be exploited remotely to gain privileges.
  36. An elevation of privilege vulnerability in Windows Ancillary Function Driver for WinSock can be exploited remotely to gain privileges.
  37. An information disclosure vulnerability in Windows Kernel can be exploited remotely to obtain sensitive information.
  38. A remote code execution vulnerability in HEVC Video Extensions can be exploited remotely to execute arbitrary code.
  39. An elevation of privilege vulnerability in Windows User Profile Service can be exploited remotely to gain privileges.
  40. A remote code execution vulnerability in Windows LDAP can be exploited remotely to execute arbitrary code.
  41. An elevation of privilege vulnerability in Windows File Explorer can be exploited remotely to gain privileges.
  42. An information disclosure vulnerability in Microsoft Local Security Authority (LSA) Server can be exploited remotely to obtain sensitive information.
  43. An elevation of privilege vulnerability in Local Security Authority (LSA) can be exploited remotely to gain privileges.
  44. An elevation of privilege vulnerability in Windows Work Folder Service can be exploited remotely to gain privileges.
  45. An elevation of privilege vulnerability in Windows DWM Core Library can be exploited remotely to gain privileges.
  46. An elevation of privilege vulnerability in Windows Kerberos can be exploited remotely to gain privileges.
  47. An elevation of privilege vulnerability in Windows Digital Media Receiver can be exploited remotely to gain privileges.
  48. An elevation of privilege vulnerability in Windows ALPC can be exploited remotely to gain privileges.
  49. A remote code execution vulnerability in Windows Direct Show can be exploited remotely to execute arbitrary code.
  50. An information disclosure vulnerability in Windows DNS Server can be exploited remotely to obtain sensitive information.
  51. An elevation of privilege vulnerability in Win32k can be exploited remotely to gain privileges.
  52. An elevation of privilege vulnerability in Windows Telephony Server can be exploited remotely to gain privileges.

Original advisories

CVE-2022-26917

CVE-2022-26803

CVE-2022-26788

CVE-2022-26791

CVE-2022-26789

CVE-2022-26825

CVE-2022-26822

CVE-2022-26802

CVE-2022-26795

CVE-2022-26920

CVE-2022-26813

CVE-2022-26801

CVE-2022-26796

CVE-2022-26916

CVE-2022-26812

CVE-2022-26793

CVE-2022-26821

CVE-2022-24549

CVE-2022-26915

CVE-2022-26831

CVE-2022-26828

CVE-2022-26810

CVE-2022-26792

CVE-2022-26786

CVE-2022-26918

CVE-2022-26904

CVE-2022-26819

CVE-2022-26826

CVE-2022-26809

CVE-2022-26919

CVE-2022-26808

CVE-2022-26798

CVE-2022-26807

CVE-2022-26824

CVE-2022-26787

CVE-2022-26797

CVE-2022-26827

CVE-2022-26823

CVE-2022-26790

CVE-2022-26794

CVE-2022-26811

CVE-2022-26820

CVE-2022-24479

CVE-2022-23257

CVE-2022-26784

CVE-2022-24539

CVE-2022-24485

CVE-2022-24489

CVE-2022-24498

CVE-2022-24536

CVE-2022-24533

CVE-2022-26903

CVE-2022-24538

CVE-2022-24521

CVE-2022-24500

CVE-2022-24541

CVE-2022-24545

CVE-2022-24491

CVE-2022-23268

CVE-2022-26818

CVE-2022-24543

CVE-2022-21983

CVE-2022-24537

CVE-2022-26829

CVE-2022-22008

CVE-2022-24534

CVE-2022-24499

CVE-2022-24542

CVE-2022-24528

CVE-2022-24487

CVE-2022-26830

CVE-2022-24490

CVE-2022-24488

CVE-2022-26815

CVE-2022-24494

CVE-2022-24483

CVE-2022-24484

CVE-2022-26814

CVE-2022-24532

CVE-2022-24492

CVE-2022-22009

CVE-2022-24493

CVE-2022-24496

CVE-2022-26785

CVE-2022-26783

CVE-2022-24530

CVE-2022-26817

CVE-2022-24481

CVE-2022-24474

CVE-2022-24546

CVE-2022-24486

CVE-2022-24547

CVE-2022-24544

CVE-2022-24540

CVE-2022-24495

CVE-2022-26816

CVE-2022-26914

CVE-2022-24550

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-Windows

Microsoft-Windows-Server

Microsoft-Windows-Server-2012

Microsoft-Windows-8

Windows-RT

Microsoft-Windows-10

Microsoft-Windows-Server-2016

Microsoft-Windows-Server-2019

CVE list

CVE-2022-24479 critical

CVE-2022-23257 critical

CVE-2022-26784 high

CVE-2022-26917 high

CVE-2022-24539 critical

CVE-2022-26803 high

CVE-2022-26788 high

CVE-2022-26791 critical

CVE-2022-24485 high

CVE-2022-26789 critical

CVE-2022-26825 high

CVE-2022-26822 high

CVE-2022-26802 high

CVE-2022-24489 critical

CVE-2022-24498 high

CVE-2022-26795 critical

CVE-2022-26920 high

CVE-2022-24536 high

CVE-2022-26813 high

CVE-2022-24533 high

CVE-2022-26903 high

CVE-2022-24538 high

CVE-2022-26801 high

CVE-2022-24521 high

CVE-2022-24500 high

CVE-2022-24541 high

CVE-2022-26796 high

CVE-2022-24545 critical

CVE-2022-26916 high

CVE-2022-26812 high

CVE-2022-26793 critical

CVE-2022-24491 critical

CVE-2022-23268 high

CVE-2022-26821 high

CVE-2022-24549 critical

CVE-2022-26818 high

CVE-2022-24543 critical

CVE-2022-21983 high

CVE-2022-24537 critical

CVE-2022-26915 high

CVE-2022-26829 high

CVE-2022-22008 high

CVE-2022-24534 high

CVE-2022-24499 high

CVE-2022-26831 high

CVE-2022-24542 high

CVE-2022-24528 high

CVE-2022-26828 high

CVE-2022-26810 high

CVE-2022-24487 critical

CVE-2022-26792 high

CVE-2022-26830 critical

CVE-2022-26786 high

CVE-2022-24490 critical

CVE-2022-26918 high

CVE-2022-24488 critical

CVE-2022-26815 high

CVE-2022-24494 high

CVE-2022-24483 high

CVE-2022-24484 high

CVE-2022-26814 high

CVE-2022-24532 critical

CVE-2022-26904 high

CVE-2022-26819 high

CVE-2022-26826 high

CVE-2022-24492 high

CVE-2022-22009 critical

CVE-2022-26809 critical

CVE-2022-26919 high

CVE-2022-26808 high

CVE-2022-24493 high

CVE-2022-24496 critical

CVE-2022-26785 high

CVE-2022-26798 high

CVE-2022-26807 high

CVE-2022-26783 high

CVE-2022-26824 high

CVE-2022-24530 high

CVE-2022-26787 high

CVE-2022-26817 high

CVE-2022-26797 high

CVE-2022-24481 high

CVE-2022-24474 high

CVE-2022-24546 critical

CVE-2022-24486 critical

CVE-2022-26827 high

CVE-2022-24547 high

CVE-2022-24544 high

CVE-2022-26823 high

CVE-2022-24540 high

CVE-2022-24495 high

CVE-2022-26816 high

CVE-2022-26790 high

CVE-2022-26914 critical

CVE-2022-24550 high

CVE-2022-26794 high

CVE-2022-26811 high

CVE-2022-26820 high

KB list

5012653

5012647

5012599

5012596

5012639

5012592

5012604

5012591

5012670

5023706

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

  • Windows 10 Version 20H2 for x64-based SystemsWindows 10 for 32-bit SystemsWindows Server 2012 R2Windows Server 2012 (Server Core installation)Windows 10 Version 21H1 for 32-bit SystemsWindows 10 Version 1909 for x64-based SystemsWindows Server 2016Windows RT 8.1Windows 10 Version 1809 for ARM64-based SystemsWindows Server 2022 (Server Core installation)Windows 10 Version 1809 for x64-based SystemsWindows Server 2016 (Server Core installation)Windows Server 2019Windows 10 Version 21H2 for ARM64-based SystemsWindows Server 2019 (Server Core installation)Windows 11 for x64-based SystemsWindows 10 Version 21H1 for x64-based SystemsWindows 10 Version 1607 for x64-based SystemsWindows 8.1 for 32-bit systemsWindows 8.1 for x64-based systemsWindows Server 2022Windows 11 for ARM64-based SystemsWindows 10 for x64-based SystemsWindows 10 Version 21H1 for ARM64-based SystemsWindows 10 Version 21H2 for 32-bit SystemsWindows 10 Version 1909 for 32-bit SystemsWindows 10 Version 21H2 for x64-based SystemsWindows Server 2012Windows 10 Version 20H2 for ARM64-based SystemsWindows Server, version 20H2 (Server Core Installation)Windows 10 Version 1809 for 32-bit SystemsWindows 10 Version 20H2 for 32-bit SystemsWindows 10 Version 1607 for 32-bit SystemsWindows Server 2012 R2 (Server Core installation)Windows 10 Version 1909 for ARM64-based SystemsWindows Upgrade AssistantHEVC Video ExtensionHEVC Video Extensions

References

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.023 Low

EPSS

Percentile

89.8%