Lucene search

Kaspersky LabKLA48553

HistoryMar 14, 2023 - 12:00 a.m.

KLA48553 Multiple vulnerabilities in Microsoft Windows

2023-03-1400:00:00

Kaspersky Lab

threats.kaspersky.com

220

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.028 Low

EPSS

Percentile

90.4%

JSON

Detect date:

03/14/2023

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, obtain sensitive information, cause denial of service, bypass security restrictions.

Exploitation:

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Affected products:

Windows 10 Version 22H2 for ARM64-based Systems
Windows Server 2019 (Server Core installation)
Windows 10 Version 20H2 for 32-bit Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 10 for x64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 11 version 21H2 for x64-based Systems
Windows Server 2012 R2 (Server Core installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows Server 2016 (Server Core installation)
Windows Server 2012 R2
Windows 10 Version 1607 for x64-based Systems
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 1809 for 32-bit Systems
Windows Server 2016
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows Server 2019

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2023-24861
CVE-2023-23400
CVE-2023-23423
CVE-2023-24910
CVE-2023-24868
CVE-2023-24858
CVE-2023-23413
CVE-2023-23418
CVE-2023-24907
CVE-2023-23422
CVE-2023-24870
CVE-2023-23415
CVE-2023-1018
CVE-2023-21708
CVE-2023-24865
CVE-2023-23385
CVE-2023-23393
CVE-2023-24913
CVE-2023-24866
CVE-2023-23414
CVE-2023-23421
CVE-2023-24871
CVE-2023-23410
CVE-2023-23407
CVE-2023-23403
CVE-2023-23411
CVE-2023-23406
CVE-2023-23401
CVE-2023-24859
CVE-2023-24911
CVE-2023-24867
CVE-2023-24909
CVE-2023-23405
CVE-2023-23404
CVE-2023-23392
CVE-2023-24880
CVE-2023-24856
CVE-2023-24876
CVE-2023-23412
CVE-2023-24863
CVE-2023-24872
CVE-2023-24862
CVE-2023-23420
CVE-2023-23409
CVE-2023-23417
CVE-2023-24908
CVE-2023-24869
CVE-2023-23416
CVE-2023-23419
CVE-2023-23394
CVE-2023-24857
CVE-2023-1017
CVE-2023-23402
CVE-2023-24906
CVE-2023-24864
CVE-2023-23388

Impacts:

ACE

Related products:

Microsoft Windows

CVE-IDS:

KB list:

5023786
5023752
5023764
5023706
5023756
5023713
5023765
5023698
5023702
5023696
5023697
5023705

Microsoft official advisories:

References

support.microsoft.com/kb/5023696

support.microsoft.com/kb/5023697

support.microsoft.com/kb/5023698

support.microsoft.com/kb/5023702

support.microsoft.com/kb/5023705

support.microsoft.com/kb/5023706

support.microsoft.com/kb/5023713

support.microsoft.com/kb/5023752

support.microsoft.com/kb/5023756

support.microsoft.com/kb/5023764

support.microsoft.com/kb/5023765

support.microsoft.com/kb/5023786

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1017

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1018

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21708

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23385

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23388

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23392

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23393

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23394

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23400

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23401

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23402

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23403

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23404

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23405

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23406

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23407

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23409

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23410

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23411

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23412

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23413

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23414

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23415

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23416

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23417

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23418

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23419

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23420

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23421

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23422

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23423

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24856

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24857

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24858

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24859

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24861

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24862

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24863

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24864

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24865

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24866

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24867

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24868

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24869

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24870

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24871

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24872

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24876

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24880

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24906

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24907

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24908

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24909

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24910

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24911

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24913

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1017

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1018

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21708

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23385

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23388

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23392

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23393

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23394

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23400

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23401

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23402

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23403

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23404

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23405

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23406

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23407

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23409

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23410

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23411

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23412

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23413

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23414

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23415

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23416

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23417

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23418

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23419

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23420

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23421

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23422

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23423

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24856

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24857

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24858

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24859

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24861

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24862

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24863

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24864

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24865

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24866

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24867

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24868

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24869

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24870

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24871

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24872

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24876

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24880

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24906

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24907

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24908

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24909

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24910

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24911

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24913

portal.msrc.microsoft.com/en-us/security-guidance

statistics.securelist.com/vulnerability-scan/month

threats.kaspersky.com/en/class/Exploit/

threats.kaspersky.com/en/product/Microsoft-Windows-10/

threats.kaspersky.com/en/product/Microsoft-Windows-11/

threats.kaspersky.com/en/product/Microsoft-Windows-Server-2012/

threats.kaspersky.com/en/product/Microsoft-Windows-Server-2016/

threats.kaspersky.com/en/product/Microsoft-Windows-Server-2019/

threats.kaspersky.com/en/product/Microsoft-Windows-Server/

threats.kaspersky.com/en/product/Microsoft-Windows/

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.028 Low

EPSS

Percentile

90.4%

JSON