Kaspersky LabKLA12580KLA12580 Multiple vulnerabilities in Microsoft Windows
8.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
9.3 High
AI Score
Confidence
High
8.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C
0.715 High
EPSS
Percentile
98.0%
Detect date:
07/12/2022
Severity:
Critical
Description:
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, bypass security restrictions, obtain sensitive information, cause denial of service, spoof user interface.
Exploitation:
Public exploits exist for this vulnerability.
Affected products:
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 8.1 for 32-bit systems
Remote Desktop client for Windows Desktop
Windows 10 Version 21H1 for x64-based Systems
Windows 10 for 32-bit Systems
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows RT 8.1
Windows Server 2019
Windows Server 2012
Windows 10 Version 21H1 for ARM64-based Systems
Windows Server 2022
Windows 8.1 for x64-based systems
Windows Server 2012 R2 (Server Core installation)
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows 10 Version 20H2 for ARM64-based Systems
Windows Server 2022 (Server Core installation)
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows Server 2016 (Server Core installation)
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows Server 2019 (Server Core installation)
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
CVE-2022-30206
CVE-2022-30222
CVE-2022-30203
CVE-2022-22023
CVE-2022-30221
CVE-2022-30211
CVE-2022-30214
CVE-2022-30212
CVE-2022-30202
CVE-2022-22037
CVE-2022-22031
CVE-2022-33644
CVE-2022-22048
CVE-2022-22036
CVE-2022-22028
CVE-2022-30205
CVE-2022-22047
CVE-2022-30225
CVE-2022-30216
CVE-2022-21845
CVE-2022-22042
CVE-2022-30220
CVE-2022-22039
CVE-2022-22038
CVE-2022-22049
CVE-2022-30223
CVE-2022-22026
CVE-2022-30209
CVE-2022-22711
CVE-2022-22040
CVE-2022-22050
CVE-2022-22025
CVE-2022-22043
CVE-2022-30224
CVE-2022-22024
CVE-2022-22034
CVE-2022-30226
CVE-2022-22041
CVE-2022-22022
CVE-2022-30208
CVE-2022-30215
CVE-2022-22045
CVE-2022-30213
CVE-2022-22027
CVE-2022-22029
CVE-2022-29900
CVE-2022-23825
CVE-2022-27776
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2022-302067.8Critical
CVE-2022-302228.4Critical
CVE-2022-302037.4High
CVE-2022-238256.5High
CVE-2022-220236.6High
CVE-2022-302218.8Critical
CVE-2022-302117.5Critical
CVE-2022-302146.6High
CVE-2022-302124.7Warning
CVE-2022-302027.0High
CVE-2022-220377.5Critical
CVE-2022-277766.5High
CVE-2022-220317.8Critical
CVE-2022-336447.0High
CVE-2022-220486.1High
CVE-2022-220367.0High
CVE-2022-220285.9High
CVE-2022-302056.6High
CVE-2022-220477.8Critical
CVE-2022-302257.1High
CVE-2022-302168.8Critical
CVE-2022-218454.7Warning
CVE-2022-220426.5High
CVE-2022-302207.8Critical
CVE-2022-220397.5Critical
CVE-2022-220388.1Critical
CVE-2022-220497.8Critical
CVE-2022-302235.7High
CVE-2022-220268.8Critical
CVE-2022-302097.4High
CVE-2022-227115.7High
CVE-2022-220407.3High
CVE-2022-220507.8Critical
CVE-2022-220257.5Critical
CVE-2022-220437.8Critical
CVE-2022-302247.0High
CVE-2022-220247.8Critical
CVE-2022-220347.8Critical
CVE-2022-302267.1High
CVE-2022-220416.8High
CVE-2022-220227.1High
CVE-2022-302086.5High
CVE-2022-302157.5Critical
CVE-2022-220457.8Critical
CVE-2022-302135.5High
CVE-2022-220277.8Critical
CVE-2022-220298.1Critical
CVE-2022-299006.5High
KB list:
5015808
5015875
5015811
5015863
5015877
5015807
5015832
5015874
5015814
5015827
5023752
5023764
5023756
5023713
5023765
5023698
5023702
5023696
5023697
5026456
5026370
5026368
5026361
Microsoft official advisories:
References
support.microsoft.com/kb/5015807
support.microsoft.com/kb/5015808
support.microsoft.com/kb/5015811
support.microsoft.com/kb/5015814
support.microsoft.com/kb/5015827
support.microsoft.com/kb/5015832
support.microsoft.com/kb/5015863
support.microsoft.com/kb/5015874
support.microsoft.com/kb/5015875
support.microsoft.com/kb/5015877
support.microsoft.com/kb/5023696
support.microsoft.com/kb/5023697
support.microsoft.com/kb/5023698
support.microsoft.com/kb/5023702
support.microsoft.com/kb/5023713
support.microsoft.com/kb/5023752
support.microsoft.com/kb/5023756
support.microsoft.com/kb/5023764
support.microsoft.com/kb/5023765
support.microsoft.com/kb/5026361
support.microsoft.com/kb/5026368
support.microsoft.com/kb/5026370
support.microsoft.com/kb/5026456
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21845
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22022
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22023
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22024
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22025
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22026
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22027
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22028
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22029
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22031
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22034
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22036
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22037
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22038
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22039
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22040
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22041
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22042
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22043
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22045
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22047
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22048
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22049
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22050
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22711
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23825
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29900
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30202
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30203
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30205
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30206
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30208
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30209
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30211
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30212
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30213
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30214
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30215
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30216
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30220
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30221
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30222
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30223
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30224
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30225
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30226
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33644
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21845
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22022
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22023
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22024
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22025
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22026
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22027
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22028
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22029
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22031
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22034
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22036
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22037
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22038
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22039
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22040
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22041
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22042
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22043
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22045
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22048
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22049
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22050
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22711
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23825
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-27776
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29900
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30202
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30203
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30205
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30206
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30208
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30209
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30211
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30212
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30213
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30214
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30215
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30216
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30220
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30221
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30222
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30223
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30224
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30225
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30226
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33644
portal.msrc.microsoft.com/en-us/security-guidance
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Microsoft-Remote-Desktop/
threats.kaspersky.com/en/product/Microsoft-Windows-10/
threats.kaspersky.com/en/product/Microsoft-Windows-11/
threats.kaspersky.com/en/product/Microsoft-Windows-8/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2012/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2016/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2019/
threats.kaspersky.com/en/product/Microsoft-Windows-Server/
threats.kaspersky.com/en/product/Microsoft-Windows/
threats.kaspersky.com/en/product/Windows-RT/
Related
8.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
9.3 High
AI Score
Confidence
High
8.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C
0.715 High
EPSS
Percentile
98.0%