Kaspersky LabKLA20047KLA20047 Multiple vulnerabilities in Microsoft Windows
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.253 Low
EPSS
Percentile
96.6%
Detect date:
11/08/2022
Severity:
Critical
Description:
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, cause denial of service, execute arbitrary code, bypass security restrictions, obtain sensitive information.
Exploitation:
Public exploits exist for this vulnerability.
Affected products:
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2012 R2
Windows Server 2016
Windows Server 2012 (Server Core installation)
Windows Server 2016 (Server Core installation)
Windows 10 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 8.1 for 32-bit systems
Windows 10 Version 22H2 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows 10 Version 1607 for x64-based Systems
Windows RT 8.1
Windows Server 2022 Datacenter: Azure Edition (Hotpatch)
Windows Server 2019
Windows Server 2012
Windows 8.1 for x64-based systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows Server 2022
Windows 11 Version 22H2 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 11 for x64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows Server 2019 (Server Core installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows Server 2012 R2 (Server Core installation)
Windows 10 Version 1809 for 32-bit Systems
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
CVE-2022-41050
CVE-2022-41058
CVE-2022-37966
CVE-2022-41045
CVE-2022-41093
CVE-2022-41048
CVE-2022-41099
CVE-2022-41096
CVE-2022-41125
CVE-2022-41088
CVE-2022-41102
CVE-2022-41092
CVE-2022-41109
CVE-2022-41055
CVE-2022-38015
CVE-2022-41095
CVE-2022-41090
CVE-2022-41100
CVE-2022-41098
CVE-2022-41053
CVE-2022-23824
CVE-2022-41114
CVE-2022-41113
CVE-2022-41097
CVE-2022-41073
CVE-2022-41091
CVE-2022-41054
CVE-2022-41047
CVE-2022-41086
CVE-2022-37967
CVE-2022-41128
CVE-2022-37992
CVE-2022-41052
CVE-2022-41049
CVE-2022-41056
CVE-2022-38023
CVE-2022-41039
CVE-2022-41057
CVE-2022-41118
CVE-2022-41101
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2022-410585.0Warning
CVE-2022-379665.0Warning
CVE-2022-410905.0Warning
CVE-2022-410455.0Warning
CVE-2022-411185.0Warning
CVE-2022-410485.0Warning
CVE-2022-410985.0Warning
CVE-2022-410535.0Warning
CVE-2022-410975.0Warning
CVE-2022-238245.0Warning
CVE-2022-410735.0Warning
CVE-2022-410475.0Warning
CVE-2022-410865.0Warning
CVE-2022-379675.0Warning
CVE-2022-411285.0Warning
CVE-2022-379925.0Warning
CVE-2022-411095.0Warning
CVE-2022-410565.0Warning
CVE-2022-380235.0Warning
CVE-2022-410395.0Warning
CVE-2022-410575.0Warning
CVE-2022-410955.0Warning
CVE-2022-410505.0Warning
CVE-2022-410935.0Warning
CVE-2022-410995.0Warning
CVE-2022-410965.0Warning
CVE-2022-411255.0Warning
CVE-2022-410885.0Warning
CVE-2022-411025.0Warning
CVE-2022-410925.0Warning
CVE-2022-410555.0Warning
CVE-2022-380155.0Warning
CVE-2022-411005.0Warning
CVE-2022-411145.0Warning
CVE-2022-411135.0Warning
CVE-2022-410915.0Warning
CVE-2022-410545.0Warning
CVE-2022-410525.0Warning
CVE-2022-410495.0Warning
CVE-2022-411015.0Warning
KB list:
5019970
5019958
5019966
5020023
5019080
5020010
5019959
5019980
5019081
5019961
5019964
5022287
5022291
5022286
5022303
5022282
5028171
5028168
5028169
5031364
5031362
5031361
Microsoft official advisories:
References
support.microsoft.com/kb/5019080
support.microsoft.com/kb/5019081
support.microsoft.com/kb/5019958
support.microsoft.com/kb/5019959
support.microsoft.com/kb/5019961
support.microsoft.com/kb/5019964
support.microsoft.com/kb/5019966
support.microsoft.com/kb/5019970
support.microsoft.com/kb/5019980
support.microsoft.com/kb/5020010
support.microsoft.com/kb/5020023
support.microsoft.com/kb/5022282
support.microsoft.com/kb/5022286
support.microsoft.com/kb/5022287
support.microsoft.com/kb/5022291
support.microsoft.com/kb/5022303
support.microsoft.com/kb/5028168
support.microsoft.com/kb/5028169
support.microsoft.com/kb/5028171
support.microsoft.com/kb/5031361
support.microsoft.com/kb/5031362
support.microsoft.com/kb/5031364
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23824
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37966
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37967
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37992
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38015
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38023
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41039
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41045
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41047
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41048
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41049
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41050
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41052
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41053
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41054
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41055
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41056
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41057
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41058
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41073
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41086
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41088
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41090
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41091
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41092
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41093
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41095
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41096
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41097
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41098
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41099
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41100
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41101
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41102
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41109
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41113
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41114
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41118
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41125
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41128
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23824
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37966
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37967
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37992
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38015
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38023
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41039
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41045
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41047
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41048
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41049
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41050
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41052
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41053
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41054
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41055
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41056
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41057
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41058
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41073
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41086
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41088
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41090
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41091
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41092
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41093
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41095
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41096
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41097
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41098
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41099
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41100
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41101
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41102
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41109
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41113
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41114
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41118
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41125
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41128
portal.msrc.microsoft.com/en-us/security-guidance
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Microsoft-Azure/
threats.kaspersky.com/en/product/Microsoft-Windows-10/
threats.kaspersky.com/en/product/Microsoft-Windows-11/
threats.kaspersky.com/en/product/Microsoft-Windows-8/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2012/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2016/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2019/
threats.kaspersky.com/en/product/Microsoft-Windows-Server/
threats.kaspersky.com/en/product/Microsoft-Windows/
threats.kaspersky.com/en/product/Windows-RT/
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.253 Low
EPSS
Percentile
96.6%