Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA12569
HistoryJun 14, 2022 - 12:00 a.m.

KLA12569 Multiple vulnerabilities in Microsoft Windows

2022-06-1400:00:00
Kaspersky Lab
threats.kaspersky.com
159

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.889 High

EPSS

Percentile

98.7%

JSON

Detect date:

06/14/2022

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, gain privileges, execute arbitrary code, bypass security restrictions, spoof user interface.

Exploitation:

Public exploits exist for this vulnerability.

Affected products:

Windows Server 2016 (Server Core installation)
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 8.1 for 32-bit systems
Windows Server 2022 Azure Edition Core Hotpatch
Windows 10 Version 21H1 for x64-based Systems
Windows 10 for 32-bit Systems
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
AV1 Video Extension
Windows 11 for ARM64-based Systems
Windows RT 8.1
Windows Server 2019
Windows Server 2012
HEVC Video Extension
Windows 10 Version 21H1 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server 2022
HEVC Video Extensions
Windows 8.1 for x64-based systems
Windows Server 2012 R2 (Server Core installation)
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows 10 Version 20H2 for ARM64-based Systems
Windows Server 2022 (Server Core installation)
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2022-30152
CVE-2022-22018
CVE-2022-21125
CVE-2022-21123
CVE-2022-30131
CVE-2022-30162
CVE-2022-30150
CVE-2022-30151
CVE-2022-30136
CVE-2022-32230
CVE-2022-30165
CVE-2022-30154
CVE-2022-30164
CVE-2022-30163
CVE-2022-30155
CVE-2022-29119
CVE-2022-30135
CVE-2022-29111
CVE-2022-30153
CVE-2022-30140
CVE-2022-30160
CVE-2022-30148
CVE-2022-30167
CVE-2022-30132
CVE-2022-21166
CVE-2022-30149
CVE-2022-30139
CVE-2022-30142
CVE-2022-30161
CVE-2022-30146
CVE-2022-21127
CVE-2022-30193
CVE-2022-30147
CVE-2022-30166
CVE-2022-30189
CVE-2022-30145
CVE-2022-30141
CVE-2022-30188
CVE-2022-30143

Impacts:

ACE

Related products:

Microsoft Windows

CVE-IDS:

CVE-2022-301527.5Critical
CVE-2022-211255.5High
CVE-2022-301607.8Critical
CVE-2022-211235.5High
CVE-2022-211665.5High
CVE-2022-301497.5Critical
CVE-2022-301517.0High
CVE-2022-301427.5Critical
CVE-2022-301618.8Critical
CVE-2022-301467.5Critical
CVE-2022-211275.5High
CVE-2022-301477.8Critical
CVE-2022-301667.8Critical
CVE-2022-301418.1Critical
CVE-2022-301638.5Critical
CVE-2022-301555.5High
CVE-2022-301357.8Critical
CVE-2022-301538.8Critical
CVE-2022-301437.5Critical
CVE-2022-301407.5Critical
CVE-2022-220187.8Critical
CVE-2022-301317.8Critical
CVE-2022-301625.5High
CVE-2022-301507.5Critical
CVE-2022-301369.8Critical
CVE-2022-322307.5Critical
CVE-2022-301658.8Critical
CVE-2022-301545.3High
CVE-2022-301647.8Critical
CVE-2022-291197.8Critical
CVE-2022-291117.8Critical
CVE-2022-301485.5High
CVE-2022-301677.8Critical
CVE-2022-301327.8Critical
CVE-2022-301397.5Critical
CVE-2022-301937.8Critical
CVE-2022-301896.5High
CVE-2022-301457.5Critical
CVE-2022-301887.8Critical

KB list:

5013942
5013941
5013943
5013945
5014702
5014699
5014692
5014710
5014747
5014678
5014738
5014741
5014697
5014746
5014677

Microsoft official advisories:

References

Related

mskb 15
nessus 46
openvas 18
kaspersky 1
avleonov 1
rapid7blog 1
oraclelinux 11
intel 1
malwarebytes 2
mscve 16
mageia 2
hp 1
qualysblog 1
citrix 1
osv 9
thn 1
f5 1
debian 1
almalinux 2
vmware 1
rocky 3
xen 1
fedora 3
ubuntu 4
redhat 10
ibm 1
centos 1
prion 21
cve 19
cnvd 4
mskb
mskb
June 14, 2022—KB5014692 (OS Build 17763.3046)
2022-06-14 07:00:00
June 14, 2022— KB5014677 (OS Build 20348.770)
2022-06-14 07:00:00
June 14, 2022—KB5014697 (OS Build 22000.739)
2022-06-14 07:00:00
nessus
nessus
KB5014702: Windows 10 Version 1607 and Windows Server 2016 Security Update (June 2022)
2022-06-14 00:00:00
KB5014692: Windows 10 version 1809 / Windows Server 2019 Security Update (June 2022)
2022-06-14 00:00:00
KB5014746: Windows 8.1 and Windows Server 2012 R2 Security Update (June 2022)
2022-06-14 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB5014702)
2022-06-15 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5014748)
2022-06-15 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5014738)
2022-06-15 00:00:00
kaspersky
kaspersky
KLA12568 Multiple vulnerabilities in Microsoft Products (ESU)
2022-06-14 00:00:00
avleonov
avleonov
Microsoft Patch Tuesday June 2022: Follina RCE, NFSV4.1 RCE, LDAP RCEs and bad patches
2022-06-25 12:32:07
rapid7blog
rapid7blog
Patch Tuesday - June 2022
2022-06-14 19:37:50
oraclelinux
oraclelinux
microcode_ctl security update
2022-06-15 00:00:00
microcode_ctl security update
2022-06-14 00:00:00
microcode_ctl security update
2022-06-23 00:00:00
intel
intel
Intel® Processors MMIO Stale Data Advisory
2022-10-19 00:00:00
malwarebytes
malwarebytes
Intel CPU vulnerabilities fixed. But should you update?
2023-03-06 07:00:00
Update now!  Microsoft patches Follina, and many other security updates
2022-06-15 13:17:05
mscve
mscve
Microsoft Guidance on Intel Processor MMIO Stale Data Vulnerabilities
2022-06-14 07:00:00
HEVC Video Extensions Remote Code Execution Vulnerability
2022-06-14 07:00:00
HEVC Video Extensions Remote Code Execution Vulnerability
2022-06-14 07:00:00
mageia
mageia
Updated kernel-linus packages fix security vulnerabilities
2022-06-29 19:18:17
Updated kernel packages fix security vulnerabilities
2022-06-29 19:18:17
hp
hp
Intel® Processors June 2022 Security Update
2022-06-14 00:00:00
qualysblog
qualysblog
June 2022 Patch Tuesday | Microsoft Releases 55 Vulnerabilities with 3 Critical; Adobe Releases 6 Advisories, 46 Vulnerabilities with 40 Critical.
2022-06-14 20:00:00
citrix
citrix
Citrix Hypervisor Security Update
2022-06-23 20:06:39
osv
osv
intel-microcode - security update
2022-07-06 00:00:00
Moderate: kernel-rt security and bug fix update
2022-09-13 00:00:00
Moderate: kernel-rt security and bug fix update
2022-09-13 07:36:33
thn
thn
Patch Tuesday: Microsoft Issues Fix for Actively Exploited 'Follina' Vulnerability
2022-06-15 03:42:00
f5
f5
K04808933 : Intel Processors MMIO Stale Data Advisory vulnerabilities CVE-2022-21123, CVE-2022-21125, and CVE-2022-21127
2022-07-18 00:00:00
debian
debian
[SECURITY] [DSA 5178-1] intel-microcode security update
2022-07-06 13:12:52
almalinux
almalinux
Moderate: kernel security, bug fix, and enhancement update
2022-09-13 00:00:00
Moderate: kernel-rt security and bug fix update
2022-09-13 00:00:00
vmware
vmware
VMware ESXi addresses DirectPath I/O (PCI-Passthrough) Information Leak vulnerabilities (CVE-2022-21123, CVE-2022-21125, CVE-2022-21166)
2022-06-14 00:00:00
rocky
rocky
kernel-rt security and bug fix update
2022-09-13 07:36:33
kernel security, bug fix, and enhancement update
2022-09-13 07:37:13
microcode_ctl bug fix and enhancement update
2022-11-02 13:51:49
xen
xen
x86: MMIO Stale Data vulnerabilities
2022-06-14 18:21:00
fedora
fedora
[SECURITY] Fedora 36 Update: xen-4.16.1-4.fc36
2022-07-01 01:09:33
[SECURITY] Fedora 36 Update: kernel-5.18.5-200.fc36
2022-06-17 01:16:22
[SECURITY] Fedora 35 Update: kernel-5.18.5-100.fc35
2022-06-18 01:45:12
ubuntu
ubuntu
Linux kernel vulnerabilities
2022-06-17 00:00:00
Linux kernel (OEM) vulnerabilities
2022-07-01 00:00:00
Linux kernel vulnerabilities
2022-06-16 00:00:00
redhat
redhat
(RHSA-2022:6437) Moderate: kernel-rt security and bug fix update
2022-09-13 07:36:33
(RHSA-2022:6460) Moderate: kernel security, bug fix, and enhancement update
2022-09-13 07:37:13
(RHSA-2022:6872) Important: kernel security update
2022-10-11 12:19:05
ibm
ibm
Security Bulletin: Multiple vulnerabilities in Intel Processors affect IBM Cloud Pak System
2023-03-31 15:06:36
centos
centos
bpftool, kernel, perf, python security update
2022-08-15 17:35:43
prion
prion
Remote code execution
2022-06-15 22:15:00
Remote code execution
2022-06-15 22:15:00
Remote code execution
2022-06-15 22:15:00
cve
cve
CVE-2022-30167
2022-06-15 22:15:00
CVE-2022-30193
2022-06-15 22:15:00
CVE-2022-29111
2022-06-15 22:15:00
cnvd
cnvd
Microsoft HEVC Video Extensions Remote Code Execution Vulnerability (CNVD-2022-59679)
2022-06-17 00:00:00
Microsoft HEVC Video Extensions Remote Code Execution Vulnerability (CNVD-2022-59676)
2022-06-17 00:00:00
Microsoft HEVC Video Extensions Remote Code Execution Vulnerability (CNVD-2022-59678)
2022-06-17 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.889 High

EPSS

Percentile

98.7%

JSON
Related for KLA12569
mskb15nessus46openvas18kaspersky1avleonov1rapid7blog1oraclelinux11intel1malwarebytes2mscve16mageia2hp1qualysblog1citrix1osv9thn1f51debian1almalinux2vmware1rocky3xen1fedora3ubuntu4redhat10ibm1centos1prion21cve19cnvd4