Apr 12, 2022 - 12:00 a.m.

KLA12509 Multiple vulnerabilities in Microsoft Products (ESU)

2022-04-12 00:00:00
Kaspersky Lab
threats.kaspersky.com
CVSS2: 10 High
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: COMPLETE
  Integrity Impact: COMPLETE
  Availability Impact: COMPLETE
  Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3: 9.8 High
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH
  Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.6 High (Confidence: High)

EPSS: 0.023 Low (Percentile: 89.8%)

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information, and cause denial of service.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in Windows Fax Compose Form can be exploited remotely to execute arbitrary code.
  2. An elevation of privilege vulnerability in Windows Print Spooler can be exploited remotely to gain privileges.
  3. An elevation of privilege vulnerability in PowerShell can be exploited remotely to gain privileges.
  4. A remote code execution vulnerability in Win32 File Enumeration can be exploited remotely to execute arbitrary code.
  5. A remote code execution vulnerability in Windows DNS Server can be exploited remotely to execute arbitrary code.
  6. An information disclosure vulnerability in Windows iSCSI Target Service can be exploited to obtain sensitive information.
  7. A remote code execution vulnerability in Remote Desktop Protocol can be exploited remotely to execute arbitrary code.
  8. A remote code execution vulnerability in Windows Graphics Component can be exploited remotely to execute arbitrary code.
  9. An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely to gain privileges.
  10. A remote code execution vulnerability in Windows SMB can be exploited remotely to execute arbitrary code.
  11. A remote code execution vulnerability in Windows Server Service can be exploited remotely to execute arbitrary code.
  12. A remote code execution vulnerability in Windows Stream Enumeration can be exploited remotely to execute arbitrary code.
  13. A denial of service vulnerability in Windows Secure Channel can be exploited remotely to cause denial of service.
  14. A remote code execution vulnerability in Win32 Stream Enumeration can be exploited remotely to execute arbitrary code.
  15. An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges.
  16. A denial of service vulnerability in Windows LDAP can be exploited remotely to cause denial of service.
  17. An elevation of privilege vulnerability in Windows Win32k can be exploited remotely to gain privileges.
  18. A remote code execution vulnerability in Remote Procedure Call Runtime can be exploited remotely to execute arbitrary code.
  19. An elevation of privilege vulnerability in Windows File Server Resource Management Service can be exploited remotely to gain privileges.
  20. An elevation of privilege vulnerability in Windows Ancillary Function Driver for WinSock can be exploited remotely to gain privileges.
  21. An elevation of privilege vulnerability in Windows User Profile Service can be exploited remotely to gain privileges.
  22. A remote code execution vulnerability in Windows LDAP can be exploited remotely to execute arbitrary code.
  23. An information disclosure vulnerability in Microsoft Local Security Authority (LSA) Server can be exploited remotely to obtain sensitive information.
  24. An elevation of privilege vulnerability in Windows Work Folder Service can be exploited remotely to gain privileges.
  25. An elevation of privilege vulnerability in Windows Kerberos can be exploited remotely to gain privileges.
  26. An elevation of privilege vulnerability in Windows ALPC can be exploited remotely to gain privileges.
  27. An elevation of privilege vulnerability in Windows Telephony Server can be exploited remotely to gain privileges.
  28. A denial of service vulnerability in Windows Cluster Shared Volume (CSV) can be exploited remotely to cause denial of service.
  29. An elevation of privilege vulnerability in Windows Digital Media Receiver can be exploited remotely to gain privileges.
  30. A denial of service vulnerability in Windows Cluster Shared Volume (CSV) can be exploited remotely to cause denial of service.
  31. An elevation of privilege vulnerability in Windows File Explorer can be exploited remotely to gain privileges.
  32. A remote code execution vulnerability in Windows Hyper-V can be exploited remotely to execute arbitrary code.
  33. An information disclosure vulnerability in Windows Kernel can be exploited remotely to obtain sensitive information.
  34. A remote code execution vulnerability in Windows Network File System can be exploited remotely to execute arbitrary code.

Original advisories

CVE-2022-26917

CVE-2022-26803

CVE-2022-26788

CVE-2022-24485

CVE-2022-26822

CVE-2022-26802

CVE-2022-24498

CVE-2022-24536

CVE-2022-26813

CVE-2022-24533

CVE-2022-26903

CVE-2022-26801

CVE-2022-24521

CVE-2022-24500

CVE-2022-24541

CVE-2022-26796

CVE-2022-26916

CVE-2022-26812

CVE-2022-26821

CVE-2022-21983

CVE-2022-26915

CVE-2022-26829

CVE-2022-24534

CVE-2022-24499

CVE-2022-26831

CVE-2022-24542

CVE-2022-24528

CVE-2022-26810

CVE-2022-26792

CVE-2022-26918

CVE-2022-26815

CVE-2022-24494

CVE-2022-26904

CVE-2022-26819

CVE-2022-24492

CVE-2022-26809

CVE-2022-26919

CVE-2022-24493

CVE-2022-26798

CVE-2022-26807

CVE-2022-24530

CVE-2022-26787

CVE-2022-26797

CVE-2022-24481

CVE-2022-24474

CVE-2022-26827

CVE-2022-24544

CVE-2022-24540

CVE-2022-26790

CVE-2022-26794

CVE-2022-26820

CVE-2022-24550

CVE-2022-26818

CVE-2022-26784

CVE-2022-24547

CVE-2022-24538

CVE-2022-26817

CVE-2022-26808

CVE-2022-26786

CVE-2022-22008

CVE-2022-26814

CVE-2022-24483

CVE-2022-24491

CVE-2022-24484

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit.

Related products

Microsoft-Windows

Microsoft-Windows-Server

Microsoft-Windows-Server-2012

Microsoft-Windows-7

Microsoft-Windows-Server-2008

CVE list

CVE-2022-26784 high

CVE-2022-26917 high

CVE-2022-26803 high

CVE-2022-26788 high

CVE-2022-24485 high

CVE-2022-26822 high

CVE-2022-26802 high

CVE-2022-24498 high

CVE-2022-24536 high

CVE-2022-26813 high

CVE-2022-24533 high

CVE-2022-26903 high

CVE-2022-24538 high

CVE-2022-26801 high

CVE-2022-24521 high

CVE-2022-24500 high

CVE-2022-24541 high

CVE-2022-26796 high

CVE-2022-26916 high

CVE-2022-26812 high

CVE-2022-24491 critical

CVE-2022-26821 high

CVE-2022-26818 high

CVE-2022-21983 high

CVE-2022-26915 high

CVE-2022-26829 high

CVE-2022-22008 high

CVE-2022-24534 high

CVE-2022-24499 high

CVE-2022-26831 high

CVE-2022-24542 high

CVE-2022-24528 high

CVE-2022-26810 high

CVE-2022-26792 high

CVE-2022-26786 high

CVE-2022-26918 high

CVE-2022-26815 high

CVE-2022-24494 high

CVE-2022-24483 high

CVE-2022-24484 high

CVE-2022-26814 high

CVE-2022-26904 high

CVE-2022-26819 high

CVE-2022-24492 high

CVE-2022-26809 critical

CVE-2022-26919 high

CVE-2022-26808 high

CVE-2022-24493 high

CVE-2022-26798 high

CVE-2022-26807 high

CVE-2022-24530 high

CVE-2022-26787 high

CVE-2022-26817 high

CVE-2022-26797 high

CVE-2022-24481 high

CVE-2022-24474 high

CVE-2022-26827 high

CVE-2022-24547 high

CVE-2022-24544 high

CVE-2022-24540 high

CVE-2022-26790 high

CVE-2022-24550 high

CVE-2022-26794 high

CVE-2022-26820 high

KB list

5012666

5012639

5012650

5012670

5012658

5012626

5012632

5012649

5013999

5014012

Solution

Install the necessary updates from the KB list that are offered in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Impacts

  • ACE: Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to an abuser executing any code or commands on the vulnerable machine or in the vulnerable process.

  • OSI: Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to an abuser capturing information that is critical for the user or system.

  • DoS: Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or a critical functional fault.

  • PE: Privilege escalation. Exploitation of vulnerabilities with this impact can lead to an abuser performing actions that are normally disallowed for the current role.

Affected Products

  • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Windows 7 for x64-based Systems Service Pack 1
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows 7 for 32-bit Systems Service Pack 1
  • Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2012
  • Windows Server 2012 R2 (Server Core installation)
  • Windows Server 2012 R2
  • Windows Server 2012 (Server Core installation)
