Kaspersky LabKLA20233KLA20233 Multiple vulnerabilities in Microsoft Windows
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.7 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.825 High
EPSS
Percentile
98.3%
Detect date:
02/14/2023
Severity:
Critical
Description:
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, gain privileges, execute arbitrary code, cause denial of service.
Exploitation:
Public exploits exist for this vulnerability.
Affected products:
Windows Server 2019 (Server Core installation)
Windows 11 Version 22H2 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 22H2 for x64-based Systems
Windows Server 2012 R2 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows Server 2022 (Server Core installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 21H2 for x64-based Systems
Windows Server 2012
Windows 11 version 21H2 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 for x64-based Systems
Windows Server 2012 R2
Windows 10 Version 22H2 for 32-bit Systems
Windows Server 2022
Windows Server 2012 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows 10 Version 20H2 for x64-based Systems
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
CVE-2023-21699
CVE-2023-21804
CVE-2023-21801
CVE-2023-21803
CVE-2023-21823
CVE-2023-21689
CVE-2023-21690
CVE-2023-21817
CVE-2023-21693
CVE-2023-21816
CVE-2023-21805
CVE-2023-21819
CVE-2023-21812
CVE-2023-21701
CVE-2023-21688
CVE-2023-21822
CVE-2023-21820
CVE-2023-21687
CVE-2023-21694
CVE-2023-21695
CVE-2023-21700
CVE-2023-21685
CVE-2023-21799
CVE-2023-21818
CVE-2023-21697
CVE-2023-21811
CVE-2023-21684
CVE-2023-21692
CVE-2023-21702
CVE-2023-23376
CVE-2023-21686
CVE-2023-21802
CVE-2023-21797
CVE-2023-21813
CVE-2023-21798
CVE-2023-21691
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2023-216995.3High
CVE-2023-218017.8Critical
CVE-2023-218039.8Critical
CVE-2023-218237.8Critical
CVE-2023-216899.8Critical
CVE-2023-216909.8Critical
CVE-2023-218177.8Critical
CVE-2023-216935.7High
CVE-2023-218167.5Critical
CVE-2023-218057.8Critical
CVE-2023-218127.8Critical
CVE-2023-217017.5Critical
CVE-2023-216887.8Critical
CVE-2023-218227.8Critical
CVE-2023-218207.4High
CVE-2023-216958.8Critical
CVE-2023-216946.8High
CVE-2023-217007.5Critical
CVE-2023-216858.8Critical
CVE-2023-217998.8Critical
CVE-2023-218187.5Critical
CVE-2023-216975.5High
CVE-2023-218117.5Critical
CVE-2023-216848.8Critical
CVE-2023-216929.8Critical
CVE-2023-217027.5Critical
CVE-2023-233767.8Critical
CVE-2023-216868.8Critical
CVE-2023-218027.8Critical
CVE-2023-217978.8Critical
CVE-2023-218137.5Critical
CVE-2023-217988.8Critical
CVE-2023-216917.5Critical
CVE-2023-218047.8Critical
CVE-2023-218197.5Critical
CVE-2023-216875.5High
KB list:
5022835
5022836
5022840
5022842
5022838
5022845
5022903
5022858
5022834
5022899
5022894
5022895
5022921
Microsoft official advisories:
References
support.microsoft.com/kb/5022834
support.microsoft.com/kb/5022835
support.microsoft.com/kb/5022836
support.microsoft.com/kb/5022838
support.microsoft.com/kb/5022840
support.microsoft.com/kb/5022842
support.microsoft.com/kb/5022845
support.microsoft.com/kb/5022858
support.microsoft.com/kb/5022894
support.microsoft.com/kb/5022895
support.microsoft.com/kb/5022899
support.microsoft.com/kb/5022903
support.microsoft.com/kb/5022921
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21684
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21685
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21686
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21687
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21688
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21689
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21690
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21691
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21692
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21693
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21694
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21695
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21697
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21699
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21700
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21701
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21702
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21797
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21798
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21799
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21801
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21802
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21803
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21804
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21805
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21811
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21812
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21813
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21816
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21817
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21818
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21819
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21820
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21822
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21823
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23376
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21684
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21685
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21686
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21687
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21688
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21689
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21690
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21691
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21692
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21693
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21694
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21695
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21697
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21699
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21700
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21701
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21702
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21797
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21798
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21799
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21801
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21802
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21803
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21804
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21805
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21811
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21812
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21813
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21816
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21817
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21818
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21819
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21820
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21822
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21823
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23376
portal.msrc.microsoft.com/en-us/security-guidance
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Microsoft-Windows-10/
threats.kaspersky.com/en/product/Microsoft-Windows-11/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2012/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2016/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2019/
threats.kaspersky.com/en/product/Microsoft-Windows-Server/
threats.kaspersky.com/en/product/Microsoft-Windows/
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.7 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.825 High
EPSS
Percentile
98.3%