Lucene search

K
kasperskyKaspersky LabKLA12603
HistoryAug 09, 2022 - 12:00 a.m.

KLA12603 Multiple vulnerabilities in Microsoft Products (ESU)

2022-08-0900:00:00
Kaspersky Lab
threats.kaspersky.com
23
microsoft
esu
denial of service
privilege escalation
code execution
sensitive information disclosure
security restrictions bypass
windows
remote
vulnerability
hyper-v
kernel
remote code execution
ppp
sstp
lsa
information disclosure
http.sys
unified write filter
digital media receiver
cve-2022-35759
cve-2022-34690
cve-2022-35745
cve-2022-35750
cve-2022-34708

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.625

Percentile

97.9%

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, execute arbitrary code, obtain sensitive information, bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. A denial of service vulnerability in Windows Local Security Authority (LSA) can be exploited remotely to cause denial of service.
  2. An elevation of privilege vulnerability in Windows Hyper-V can be exploited remotely to gain privileges.
  3. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
  4. A remote code execution vulnerability in Windows WebBrowser Control can be exploited remotely to execute arbitrary code.
  5. A remote code execution vulnerability in Windows Point-to-Point Protocol (PPP) can be exploited remotely to execute arbitrary code.
  6. A remote code execution vulnerability in Windows Secure Socket Tunneling Protocol (SSTP) can be exploited remotely to execute arbitrary code.
  7. A denial of service vulnerability in Windows Point-to-Point Protocol (PPP) can be exploited remotely to cause denial of service.
  8. An elevation of privilege vulnerability in Windows Error Reporting Service can be exploited remotely to gain privileges.
  9. An elevation of privilege vulnerability in Microsoft ATA Port Driver can be exploited remotely to gain privileges.
  10. An elevation of privilege vulnerability in Windows Print Spooler can be exploited remotely to gain privileges.
  11. A remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool (MSDT) can be exploited remotely to execute arbitrary code.
  12. An elevation of privilege vulnerability in Windows Fax Service can be exploited remotely to gain privileges.
  13. An elevation of privilege vulnerability in Win32k can be exploited remotely to gain privileges.
  14. An information disclosure vulnerability in Windows Kernel can be exploited remotely to obtain sensitive information.
  15. A denial of service vulnerability in Windows Secure Socket Tunneling Protocol (SSTP) can be exploited remotely to cause denial of service.
  16. An elevation of privilege vulnerability in Active Directory Domain Services can be exploited remotely to gain privileges.
  17. An elevation of privilege vulnerability in Windows Bluetooth Driver can be exploited remotely to gain privileges.
  18. An elevation of privilege vulnerability in Windows Local Security Authority (LSA) can be exploited remotely to gain privileges.
  19. An information disclosure vulnerability in Windows Kernel Memory can be exploited remotely to obtain sensitive information.
  20. An elevation of privilege vulnerability in Windows Kerberos can be exploited remotely to gain privileges.
  21. A denial of service vulnerability in HTTP.sys can be exploited remotely to cause denial of service.
  22. An elevation of privilege vulnerability in Unified Write Filter can be exploited remotely to gain privileges.
  23. An elevation of privilege vulnerability in Windows Digital Media Receiver can be exploited remotely to gain privileges.
  24. A remote code execution vulnerability in Windows Hyper-V can be exploited remotely to execute arbitrary code.
  25. An elevation of privilege vulnerability in Windows Partition Management Driver can be exploited remotely to gain privileges.
  26. A security vulnerability in Windows can be exploited remotely to bypass security restrictions.

Original advisories

CVE-2022-35759

CVE-2022-34690

CVE-2022-35745

CVE-2022-35750

CVE-2022-34708

CVE-2022-35753

CVE-2022-34691

CVE-2022-35751

CVE-2022-34701

CVE-2022-34707

CVE-2022-34713

CVE-2022-35820

CVE-2022-30194

CVE-2022-35744

CVE-2022-34706

CVE-2022-34714

CVE-2022-30133

CVE-2022-35758

CVE-2022-35767

CVE-2022-35769

CVE-2022-35795

CVE-2022-35760

CVE-2022-35768

CVE-2022-35752

CVE-2022-35793

CVE-2022-35747

CVE-2022-35743

CVE-2022-35756

CVE-2022-34702

CVE-2022-35748

CVE-2022-35754

CVE-2022-35755

CVE-2022-35749

CVE-2022-34696

CVE-2022-33670

CVE-2022-34302

CVE-2022-35746

CVE-2022-34301

CVE-2022-34303

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-Windows

Microsoft-Windows-Server

Microsoft-Windows-Server-2012

Microsoft-Windows-7

Microsoft-Windows-Server-2008

CVE list

CVE-2022-35759 high

CVE-2022-34303 high

CVE-2022-35751 critical

CVE-2022-34707 critical

CVE-2022-30194 critical

CVE-2022-35744 critical

CVE-2022-34714 critical

CVE-2022-34301 high

CVE-2022-35767 critical

CVE-2022-35769 critical

CVE-2022-35795 critical

CVE-2022-35760 critical

CVE-2022-35793 high

CVE-2022-35747 high

CVE-2022-35743 critical

CVE-2022-34702 critical

CVE-2022-34690 high

CVE-2022-35745 critical

CVE-2022-35750 critical

CVE-2022-34708 high

CVE-2022-35753 critical

CVE-2022-34701 critical

CVE-2022-34691 critical

CVE-2022-34302 high

CVE-2022-35746 critical

CVE-2022-34713 critical

CVE-2022-35820 critical

CVE-2022-34696 critical

CVE-2022-33670 critical

CVE-2022-34706 critical

CVE-2022-35754 high

CVE-2022-35748 critical

CVE-2022-30133 critical

CVE-2022-35758 high

CVE-2022-35755 high

CVE-2022-35749 critical

CVE-2022-35768 critical

CVE-2022-35752 critical

CVE-2022-35756 critical

KB list

5016672

5016683

5016684

5016681

5012170

5016686

5016669

5016679

5016676

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

  • Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Windows Server 2008 R2 for x64-based Systems Service Pack 1Windows 7 for x64-based Systems Service Pack 1Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Windows 7 for 32-bit Systems Service Pack 1Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2008 for 32-bit Systems Service Pack 2Windows Server 2008 for x64-based Systems Service Pack 2Windows Server 2012 (Server Core installation)Windows Server 2012 R2Windows Server 2012Windows Server 2012 R2 (Server Core installation)

References

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.625

Percentile

97.9%