Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA12532
HistoryMay 12, 2022 - 12:00 a.m.

KLA12532 Elevation of privilege in Microsoft Products (ESU)

2022-05-1200:00:00
Kaspersky Lab
threats.kaspersky.com
49

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

23.8%

JSON

Detect date:

05/12/2022

Severity:

High

Description:

Elevation of privilege was found in Microsoft Products (Extended Security Update). Malicious users can exploit this vulnerability to gain privileges.

Affected products:

Windows Server 2008 for 32-bit Systems Service Pack 2
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2022-30138

Impacts:

PE

Related products:

Microsoft Windows

CVE-IDS:

CVE-2022-301387.2High

KB list:

5014010
5013999
5014006
5014012
5014018
5014001
5014011
5014017

Microsoft official advisories:

Related

cve 1
mscve 1
prion 1
kaspersky 1
zdi 1
mskb 16
nessus 11
openvas 1
cve
cve
CVE-2022-30138
2022-05-18 23:15:00
mscve
mscve
Windows Print Spooler Elevation of Privilege Vulnerability
2022-05-12 07:00:00
prion
prion
Privilege escalation
2022-05-18 23:15:00
kaspersky
kaspersky
KLA12533 Elevation of privilege in Microsoft Windows
2022-05-12 00:00:00
zdi
zdi
Microsoft Windows Print Spooler Service Link Following Local Privilege Escalation Vulnerability
2022-05-10 00:00:00
mskb
mskb
May 10, 2022—KB5014010 (Monthly Rollup)
2022-05-12 07:00:00
May 10, 2022—KB5014006 (Security-only update)
2022-05-12 07:00:00
May 10, 2022—KB5014012 (Monthly Rollup)
2022-05-12 07:00:00
nessus
nessus
KB5014006: Windows Server 2008 Security Update (May 2022)
2022-05-10 00:00:00
KB5013999: Windows 7 and Windows Server 2008 R2 Security Update (May 2022)
2022-05-10 00:00:00
KB5013963: Windows 10 LTS 1507 Security Update (May 2022)
2022-05-10 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB5013943)
2023-08-08 00:00:00

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

23.8%

JSON
Related for KLA12532
cve1mscve1prion1kaspersky1zdi1mskb16nessus11openvas1