Kaspersky LabKLA20158KLA20158 Multiple vulnerabilities in Microsoft Products (ESU)
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.9 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.019 Low
EPSS
Percentile
88.2%
Detect date:
01/10/2023
Severity:
Critical
Description:
Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, execute arbitrary code, bypass security restrictions, obtain sensitive information.
Exploitation:
Public exploits exist for this vulnerability.
Affected products:
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
CVE-2023-21773
CVE-2023-21757
CVE-2023-21730
CVE-2023-21681
CVE-2023-21546
CVE-2023-21765
CVE-2023-21555
CVE-2023-21525
CVE-2023-21532
CVE-2023-21563
CVE-2023-21527
CVE-2023-21772
CVE-2023-21754
CVE-2023-21728
CVE-2023-21537
CVE-2023-21679
CVE-2023-21746
CVE-2023-21675
CVE-2023-21760
CVE-2023-21750
CVE-2023-21548
CVE-2023-21749
CVE-2023-21752
CVE-2023-21542
CVE-2023-21732
CVE-2023-21535
CVE-2023-21543
CVE-2023-21776
CVE-2023-21726
CVE-2023-21774
CVE-2023-21556
CVE-2023-21541
CVE-2023-21561
CVE-2023-21747
CVE-2023-21748
CVE-2023-21552
CVE-2023-21678
CVE-2023-21560
CVE-2023-21557
CVE-2023-21680
CVE-2023-21682
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2023-217577.5Critical
CVE-2023-217307.8Critical
CVE-2023-215558.1Critical
CVE-2023-215327.0High
CVE-2023-215636.8High
CVE-2023-215277.5Critical
CVE-2023-217727.8Critical
CVE-2023-217547.8Critical
CVE-2023-217287.5Critical
CVE-2023-216798.1Critical
CVE-2023-217467.8Critical
CVE-2023-217497.8Critical
CVE-2023-217328.8Critical
CVE-2023-215358.1Critical
CVE-2023-217747.8Critical
CVE-2023-215568.1Critical
CVE-2023-215527.8Critical
CVE-2023-215606.6High
CVE-2023-215577.5Critical
CVE-2023-216807.8Critical
CVE-2023-217737.8Critical
CVE-2023-216818.8Critical
CVE-2023-215468.1Critical
CVE-2023-217657.8Critical
CVE-2023-215255.3High
CVE-2023-215377.8Critical
CVE-2023-216757.8Critical
CVE-2023-217607.1High
CVE-2023-217507.1High
CVE-2023-215488.1Critical
CVE-2023-217527.1High
CVE-2023-215427.0High
CVE-2023-215438.1Critical
CVE-2023-217765.5High
CVE-2023-217267.8Critical
CVE-2023-215417.8Critical
CVE-2023-215617.8Critical
CVE-2023-217477.8Critical
CVE-2023-217487.8Critical
CVE-2023-216787.8Critical
CVE-2023-216825.3High
KB list:
5022338
5022353
5022340
5022339
Microsoft official advisories:
References
support.microsoft.com/kb/5022338
support.microsoft.com/kb/5022339
support.microsoft.com/kb/5022340
support.microsoft.com/kb/5022353
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21525
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21527
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21532
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21535
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21537
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21541
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21542
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21543
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21546
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21548
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21552
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21555
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21556
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21557
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21560
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21561
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21563
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21675
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21678
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21679
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21680
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21681
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21682
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21726
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21728
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21730
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21732
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21746
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21747
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21748
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21749
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21750
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21752
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21754
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21757
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21760
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21765
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21772
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21773
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21774
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21776
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21525
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21527
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21532
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21535
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21537
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21541
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21542
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21543
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21546
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21548
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21552
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21555
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21556
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21557
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21560
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21561
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21563
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21675
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21678
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21679
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21680
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21681
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21682
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21726
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21728
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21730
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21732
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21746
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21747
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21748
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21749
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21750
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21752
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21754
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21757
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21760
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21765
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21772
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21773
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21774
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21776
portal.msrc.microsoft.com/en-us/security-guidance
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Microsoft-Windows-7/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2008/
threats.kaspersky.com/en/product/Microsoft-Windows-Server/
threats.kaspersky.com/en/product/Microsoft-Windows/
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.9 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.019 Low
EPSS
Percentile
88.2%