KLA48845 Multiple vulnerabilities in Microsoft Windows

Published: 2023-04-11 00:00:00
Source: Kaspersky Lab (threats.kaspersky.com)
Tags: microsoft windows, vulnerabilities, sensitive information, arbitrary code, denial of service, privileges, security restrictions, public exploits, windows 10, windows 11, windows server, kb updates, windows update, control panel, cve-2023.

CVSS3: 9.8

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.9 (Confidence: High)

EPSS: 0.953 (Percentile: 99.4%)

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, cause denial of service, obtain sensitive information, spoof the user interface, and bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
  2. A remote code execution vulnerability in Windows DNS Server can be exploited remotely to execute arbitrary code.
  3. A denial of service vulnerability in Windows Kernel can be exploited remotely to cause denial of service.
  4. An information disclosure vulnerability in Remote Desktop Protocol Client can be exploited remotely to obtain sensitive information.
  5. A spoofing vulnerability in Windows can be exploited remotely to spoof user interface.
  6. A remote code execution vulnerability in Windows Network Load Balancing can be exploited remotely to execute arbitrary code.
  7. A remote code execution vulnerability in Windows Internet Key Exchange (IKE) Protocol Extensions can be exploited remotely to execute arbitrary code.
  8. A remote code execution vulnerability in Windows Pragmatic General Multicast (PGM) can be exploited remotely to execute arbitrary code.
  9. An elevation of privilege vulnerability in Windows Kerberos can be exploited remotely to gain privileges.
  10. An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely to gain privileges.
  11. An elevation of privilege vulnerability in Windows Ancillary Function Driver for WinSock can be exploited remotely to gain privileges.
  12. A denial of service vulnerability in Windows Secure Channel can be exploited remotely to cause denial of service.
  13. An elevation of privilege vulnerability in Windows CNG Key Isolation Service can be exploited remotely to gain privileges.
  14. A remote code execution vulnerability in DHCP Server Service can be exploited remotely to execute arbitrary code.
  15. A remote code execution vulnerability in Windows Point-to-Point Tunneling Protocol can be exploited remotely to execute arbitrary code.
  16. A remote code execution vulnerability in Layer 2 Tunneling Protocol can be exploited remotely to execute arbitrary code.
  17. A remote code execution vulnerability in Microsoft WDAC OLE DB provider for SQL Server can be exploited remotely to execute arbitrary code.
  18. A remote code execution vulnerability in Microsoft Message Queuing can be exploited remotely to execute arbitrary code.
  19. An information disclosure vulnerability in Windows Kernel Memory can be exploited remotely to obtain sensitive information.
  20. An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely to gain privileges.
  21. An information disclosure vulnerability in Windows Kernel can be exploited remotely to obtain sensitive information.
  22. An elevation of privilege vulnerability in Netlogon RPC can be exploited remotely to gain privileges.
  23. A denial of service vulnerability in Windows Secure Socket Tunneling Protocol (SSTP) can be exploited remotely to cause denial of service.
  24. A denial of service vulnerability in Windows Network Address Translation (NAT) can be exploited remotely to cause denial of service.
  25. An elevation of privilege vulnerability in Windows Advanced Local Procedure Call (ALPC) can be exploited remotely to gain privileges.
  26. A denial of service vulnerability in Microsoft Message Queuing can be exploited remotely to cause denial of service.
  27. A remote code execution vulnerability in Windows Bluetooth Driver can be exploited remotely to execute arbitrary code.
  28. A security feature bypass vulnerability in Windows Group Policy can be exploited remotely to bypass security restrictions.
  29. A remote code execution vulnerability in Remote Procedure Call Runtime can be exploited remotely to execute arbitrary code.
  30. A remote code execution vulnerability in Windows Domain Name Service can be exploited remotely to execute arbitrary code.
  31. An information disclosure vulnerability in Windows Common Log File System Driver can be exploited remotely to obtain sensitive information.
  32. An information disclosure vulnerability in Remote Procedure Call Runtime can be exploited remotely to obtain sensitive information.
  33. A remote code execution vulnerability in Microsoft PostScript and PCL6 Class Printer Driver can be exploited remotely to execute arbitrary code.
  34. An information disclosure vulnerability in Microsoft PostScript and PCL6 Class Printer Driver can be exploited remotely to obtain sensitive information.
  35. An elevation of privilege vulnerability in Windows Win32k can be exploited remotely to gain privileges.
  36. An elevation of privilege vulnerability in Windows Error Reporting Service can be exploited remotely to gain privileges.
  37. A security feature bypass vulnerability in Windows Boot Manager can be exploited remotely to bypass security restrictions.
  38. A remote code execution vulnerability in Windows Kernel can be exploited remotely to execute arbitrary code.
  39. An elevation of privilege vulnerability in Windows NTLM can be exploited remotely to gain privileges.
  40. An elevation of privilege vulnerability in Windows Registry can be exploited remotely to gain privileges.
  41. An elevation of privilege vulnerability in Win32k can be exploited remotely to gain privileges.
  42. An elevation of privilege vulnerability in Windows Clip Service can be exploited remotely to gain privileges.
  43. An information disclosure vulnerability in Windows DNS Server can be exploited remotely to obtain sensitive information.
  44. A security feature bypass vulnerability in Windows Enroll Engine can be exploited remotely to bypass security restrictions.
  45. A remote code execution vulnerability in Raw Image Extension can be exploited remotely to execute arbitrary code.
  46. A security feature bypass vulnerability in Windows Lock Screen can be exploited remotely to bypass security restrictions.
  47. A remote code execution vulnerability in Windows Point-to-Point Protocol over Ethernet (PPPoE) can be exploited remotely to execute arbitrary code.
  48. An elevation of privilege vulnerability in Windows Remote Procedure Call Service (RPCSS) can be exploited remotely to gain privileges.
  49. An information disclosure vulnerability in Windows Network File System can be exploited remotely to obtain sensitive information.

Original advisories

CVE-2023-28267

CVE-2023-24887

CVE-2023-24883

CVE-2023-28233

CVE-2023-28243

CVE-2023-28244

CVE-2023-28308

CVE-2023-28274

CVE-2023-28221

CVE-2023-28218

CVE-2023-28229

CVE-2023-28249

CVE-2023-28266

CVE-2023-28293

CVE-2023-28231

CVE-2023-24886

CVE-2023-24929

CVE-2023-28237

CVE-2023-28219

CVE-2023-28225

CVE-2023-28275

CVE-2023-28248

CVE-2023-24912

CVE-2023-28236

CVE-2023-28255

CVE-2023-28217

CVE-2023-28216

CVE-2023-24928

CVE-2023-28302

CVE-2023-28227

CVE-2023-28276

CVE-2023-21727

CVE-2023-28307

CVE-2023-28234

CVE-2023-24925

CVE-2023-28223

CVE-2023-28246

CVE-2023-24914

CVE-2023-21729

CVE-2023-21769

CVE-2023-28272

CVE-2023-28306

CVE-2023-28298

CVE-2023-28273

CVE-2023-28269

CVE-2023-28228

CVE-2023-28240

CVE-2023-28238

CVE-2023-28250

CVE-2023-28252

CVE-2023-24931

CVE-2023-28277

CVE-2023-28226

CVE-2023-28232

CVE-2023-28291

CVE-2023-21554

CVE-2023-28271

CVE-2023-28253

CVE-2023-28254

CVE-2023-28268

CVE-2023-28270

CVE-2023-24924

CVE-2023-28305

CVE-2023-28241

CVE-2023-28256

CVE-2023-28235

CVE-2023-28278

CVE-2023-28224

CVE-2023-28222

CVE-2023-24885

CVE-2023-28292

CVE-2023-24927

CVE-2023-24884

CVE-2023-28220

CVE-2023-28297

CVE-2023-28247

CVE-2023-24926

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit.

Related products

Microsoft-Windows

Microsoft-Windows-Server

Microsoft-Windows-10

Microsoft-Windows-Server-2016

Microsoft-Windows-Server-2019

Microsoft-Windows-11

Microsoft-Remote-Desktop

CVE list

CVE-2023-28272 critical

CVE-2023-28306 high

CVE-2023-28298 high

CVE-2023-28267 high

CVE-2023-28228 high

CVE-2023-28240 critical

CVE-2023-28238 critical

CVE-2023-28250 critical

CVE-2023-28308 high

CVE-2023-28244 critical

CVE-2023-28252 critical

CVE-2023-28218 high

CVE-2023-24931 critical

CVE-2023-28229 high

CVE-2023-28293 critical

CVE-2023-28231 critical

CVE-2023-28232 critical

CVE-2023-28219 critical

CVE-2023-28275 critical

CVE-2023-21554 critical

CVE-2023-28271 high

CVE-2023-24912 critical

CVE-2023-28254 high

CVE-2023-28253 high

CVE-2023-28268 critical

CVE-2023-28255 high

CVE-2023-28305 high

CVE-2023-28241 critical

CVE-2023-28217 critical

CVE-2023-28216 high

CVE-2023-28302 critical

CVE-2023-28227 critical

CVE-2023-28256 high

CVE-2023-28278 high

CVE-2023-28276 warning

CVE-2023-21727 critical

CVE-2023-28222 high

CVE-2023-28307 high

CVE-2023-28220 critical

CVE-2023-28223 high

CVE-2023-28266 high

CVE-2023-21729 high

CVE-2023-21769 critical

CVE-2023-24887 critical

CVE-2023-24883 high

CVE-2023-28233 critical

CVE-2023-28243 critical

CVE-2023-28274 critical

CVE-2023-28221 high

CVE-2023-28249 high

CVE-2023-24886 critical

CVE-2023-24929 critical

CVE-2023-28237 critical

CVE-2023-28225 critical

CVE-2023-28248 critical

CVE-2023-28236 critical

CVE-2023-24928 critical

CVE-2023-28234 critical

CVE-2023-24925 critical

CVE-2023-28246 critical

CVE-2023-24914 high

CVE-2023-28273 high

CVE-2023-28269 high

CVE-2023-28277 warning

CVE-2023-28226 high

CVE-2023-28291 critical

CVE-2023-28270 high

CVE-2023-24924 critical

CVE-2023-28235 high

CVE-2023-28224 high

CVE-2023-24885 critical

CVE-2023-28292 critical

CVE-2023-24927 critical

CVE-2023-24884 critical

CVE-2023-28297 critical

CVE-2023-28247 critical

CVE-2023-24926 critical

KB list

5022287

5022291

5022286

5022297

5022303

5022289

5022282

5025224

5025230

5025229

5025239

5025221

5025228

5025234

Solution

Install the necessary updates from the KB list that are offered in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Impacts

  • ACE: Arbitrary code execution. Exploitation of vulnerabilities with this impact can allow an attacker to execute any code or commands on the vulnerable machine or in the vulnerable process.

  • OSI: Obtain sensitive information. Exploitation of vulnerabilities with this impact can allow an attacker to capture information that is critical for the user or the system.

  • DoS: Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or a critical functional fault.

  • SB: Security bypass. Exploitation of vulnerabilities with this impact can allow actions that are restricted by the current security settings.

  • PE: Privilege escalation. Exploitation of vulnerabilities with this impact can allow an attacker to perform actions that are normally disallowed for the current role.

  • SUI: Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in the user interface that mislead the user into incorrect behavior.

Affected Products

  • Windows 10 Version 22H2 for 32-bit Systems
  • Windows 10 for x64-based Systems
  • Windows Server 2016 (Server Core installation)
  • Windows 10 Version 21H2 for 32-bit Systems
  • Windows 10 Version 1809 for 32-bit Systems
  • Windows 10 Version 1607 for x64-based Systems
  • Windows 10 Version 22H2 for x64-based Systems
  • Windows 11 Version 22H2 for x64-based Systems
  • Windows 10 Version 1809 for x64-based Systems
  • Windows Server 2022 (Server Core installation)
  • Windows 11 version 21H2 for x64-based Systems
  • Windows Server 2022
  • Windows 10 Version 21H2 for ARM64-based Systems
  • Windows 10 for 32-bit Systems
  • Windows Server 2016
  • Windows Server 2019
  • Windows 10 Version 21H2 for x64-based Systems
  • Windows 10 Version 20H2 for 32-bit Systems
  • Windows 10 Version 20H2 for ARM64-based Systems
  • Windows 10 Version 1607 for 32-bit Systems
  • Windows 11 Version 22H2 for ARM64-based Systems
  • Windows 10 Version 1809 for ARM64-based Systems
  • Raw Image Extension
  • Windows 10 Version 22H2 for ARM64-based Systems
  • Windows 11 version 21H2 for ARM64-based Systems
  • Windows Server 2019 (Server Core installation)
  • Remote Desktop client for Windows Desktop
