Kaspersky LabKLA12526KLA12526 Multiple vulnerabilities in Microsoft Windows
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.2 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.906 High
EPSS
Percentile
98.8%
Detect date:
05/10/2022
Severity:
High
Description:
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, bypass security restrictions, gain privileges, cause denial of service, spoof user interface.
Exploitation:
Public exploits exist for this vulnerability.
Affected products:
Windows 10 Version 20H2 for ARM64-based Systems
Windows Server 2019 (Server Core installation)
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 8.1 for 32-bit systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 1909 for x64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows Server 2012 R2
Windows 10 Version 1909 for ARM64-based Systems
Windows Server 2016
Windows Server, version 20H2 (Server Core Installation)
Windows Server 2019
Windows 10 Version 21H2 for 32-bit Systems
Windows Server 2012 (Server Core installation)
Windows Server 2016 (Server Core installation)
Windows 10 Version 1909 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows RT 8.1
Windows Server 2022
Windows 10 Version 21H1 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows Server 2022 (Server Core installation)
Windows 10 Version 21H2 for ARM64-based Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows 10 for 32-bit Systems
Windows Server 2012
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 8.1 for x64-based systems
Windows 10 Version 1607 for x64-based Systems
Windows Server 2012 R2 (Server Core installation)
Windows 10 Version 20H2 for 32-bit Systems
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
CVE-2022-29137
CVE-2022-29140
CVE-2022-29106
CVE-2022-29127
CVE-2022-22019
CVE-2022-22017
CVE-2022-29104
CVE-2022-29102
CVE-2022-29151
CVE-2022-29129
CVE-2022-29122
CVE-2022-29150
CVE-2022-29132
CVE-2022-29130
CVE-2022-26927
CVE-2022-26925
CVE-2022-29105
CVE-2022-29113
CVE-2022-22011
CVE-2022-29128
CVE-2022-23279
CVE-2022-22014
CVE-2022-29133
CVE-2022-29131
CVE-2022-26936
CVE-2022-29115
CVE-2022-22012
CVE-2022-26931
CVE-2022-22013
CVE-2022-29125
CVE-2022-29139
CVE-2022-29141
CVE-2022-22713
CVE-2022-29138
CVE-2022-29112
CVE-2022-29103
CVE-2022-26937
CVE-2022-22015
CVE-2022-26933
CVE-2022-29135
CVE-2022-24466
CVE-2022-26940
CVE-2022-29134
CVE-2022-26913
CVE-2022-26938
CVE-2022-26926
CVE-2022-22016
CVE-2022-23270
CVE-2022-29142
CVE-2022-29121
CVE-2022-21972
CVE-2022-26923
CVE-2022-26930
CVE-2022-29123
CVE-2022-29120
CVE-2022-26935
CVE-2022-29126
CVE-2022-29114
CVE-2022-29116
CVE-2022-26934
CVE-2022-26932
CVE-2022-26939
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2022-291378.8Critical
CVE-2022-269366.5High
CVE-2022-291157.8Critical
CVE-2022-291274.2Warning
CVE-2022-220129.8Critical
CVE-2022-269317.5Critical
CVE-2022-220138.8Critical
CVE-2022-220198.8Critical
CVE-2022-291398.8Critical
CVE-2022-291298.8Critical
CVE-2022-291418.8Critical
CVE-2022-291126.5High
CVE-2022-269379.8Critical
CVE-2022-291037.8Critical
CVE-2022-220156.5High
CVE-2022-291327.8Critical
CVE-2022-291309.8Critical
CVE-2022-269267.8Critical
CVE-2022-232708.1Critical
CVE-2022-291216.5High
CVE-2022-219728.1Critical
CVE-2022-269255.9High
CVE-2022-291057.8Critical
CVE-2022-220115.5High
CVE-2022-269356.5High
CVE-2022-291288.8Critical
CVE-2022-269346.5High
CVE-2022-220148.8Critical
CVE-2022-291405.5High
CVE-2022-291067.0High
CVE-2022-220178.8Critical
CVE-2022-291047.8Critical
CVE-2022-291025.5High
CVE-2022-291517.0High
CVE-2022-291226.5High
CVE-2022-291507.0High
CVE-2022-269278.8Critical
CVE-2022-291137.8Critical
CVE-2022-232797.0High
CVE-2022-291338.8Critical
CVE-2022-291318.8Critical
CVE-2022-291257.0High
CVE-2022-227135.6High
CVE-2022-291387.0High
CVE-2022-269335.5High
CVE-2022-291357.0High
CVE-2022-244664.1Warning
CVE-2022-269406.5High
CVE-2022-291346.5High
CVE-2022-269137.4High
CVE-2022-269387.0High
CVE-2022-220167.0High
CVE-2022-291427.0High
CVE-2022-269238.8Critical
CVE-2022-269305.5High
CVE-2022-291236.5High
CVE-2022-291206.5High
CVE-2022-291267.0High
CVE-2022-291145.5High
CVE-2022-291164.7Warning
CVE-2022-269328.2Critical
CVE-2022-269397.0High
KB list:
5014001
5013942
5013941
5014025
5013952
5013943
5013944
5014011
5013945
5013963
5025224
5025230
5025229
5025228
Microsoft official advisories:
References
support.microsoft.com/kb/5013941
support.microsoft.com/kb/5013942
support.microsoft.com/kb/5013943
support.microsoft.com/kb/5013944
support.microsoft.com/kb/5013945
support.microsoft.com/kb/5013952
support.microsoft.com/kb/5013963
support.microsoft.com/kb/5014001
support.microsoft.com/kb/5014011
support.microsoft.com/kb/5014025
support.microsoft.com/kb/5025224
support.microsoft.com/kb/5025228
support.microsoft.com/kb/5025229
support.microsoft.com/kb/5025230
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21972
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22011
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22012
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22013
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22014
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22015
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22016
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22017
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22019
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22713
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23270
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23279
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24466
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26913
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26923
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26925
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26926
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26927
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26930
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26931
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26932
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26933
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26934
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26935
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26936
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26937
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26938
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26939
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26940
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29102
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29103
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29104
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29105
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29106
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29112
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29113
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29114
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29115
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29116
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29120
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29121
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29122
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29123
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29125
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29126
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29127
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29128
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29129
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29130
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29131
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29132
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29133
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29134
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29135
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29137
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29138
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29139
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29140
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29141
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29142
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29150
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29151
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21972
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22011
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22012
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22013
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22014
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22015
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22016
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22017
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22019
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22713
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23270
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23279
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24466
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26913
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26923
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26925
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26926
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26927
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26930
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26931
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26932
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26933
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26934
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26935
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26936
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26937
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26938
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26939
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26940
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29102
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29103
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29104
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29105
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29106
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29112
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29113
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29114
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29115
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29116
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29120
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29121
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29122
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29123
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29125
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29126
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29127
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29128
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29129
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29130
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29131
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29132
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29133
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29134
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29135
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29137
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29138
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29139
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29140
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29141
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29142
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29150
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29151
portal.msrc.microsoft.com/en-us/security-guidance
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Microsoft-Windows-10/
threats.kaspersky.com/en/product/Microsoft-Windows-8/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2012/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2016/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2019/
threats.kaspersky.com/en/product/Microsoft-Windows-Server/
threats.kaspersky.com/en/product/Microsoft-Windows/
threats.kaspersky.com/en/product/Windows-RT/
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.2 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.906 High
EPSS
Percentile
98.8%