kaspersky | Kaspersky Lab | KLA49154
History: May 09, 2023 - 12:00 a.m.

KLA49154 Multiple vulnerabilities in Microsoft Windows

2023-05-09 00:00:00
Kaspersky Lab
threats.kaspersky.com
49
microsoft windows
arbitrary code execution
security bypass
privilege escalation
sensitive information
denial of service
public exploits
windows server
windows 10
windows 11
av1 video extension
microsoft remote desktop
software updates

CVSS3: 9.8

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.6 (Confidence: High)

EPSS: 0.529 (Percentile: 97.6%)

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, gain privileges, obtain sensitive information, and cause denial of service.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in Windows Bluetooth Driver can be exploited remotely to execute arbitrary code.
  2. A security feature bypass vulnerability in Windows MSHTML Platform can be exploited remotely to bypass security restrictions.
  3. An elevation of privilege vulnerability in Windows Backup Service can be exploited remotely to gain privileges.
  4. An information disclosure vulnerability in Windows NTLM Security Support Provider can be exploited remotely to obtain sensitive information.
  5. A denial of service vulnerability in Server for NFS can be exploited remotely to cause denial of service.
  6. A remote code execution vulnerability in AV1 Video Extension can be exploited remotely to execute arbitrary code.
  7. A remote code execution vulnerability in Windows OLE can be exploited remotely to execute arbitrary code.
  8. A security feature bypass vulnerability in Secure Boot can be exploited remotely to bypass security restrictions.
  9. An elevation of privilege vulnerability in Windows Bluetooth Driver can be exploited remotely to gain privileges.
  10. An elevation of privilege vulnerability in Win32k can be exploited remotely to gain privileges.
  11. An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely to gain privileges.
  12. A remote code execution vulnerability in Windows Pragmatic General Multicast (PGM) can be exploited remotely to execute arbitrary code.
  13. An information disclosure vulnerability in Microsoft Remote Desktop app for Windows can be exploited remotely to obtain sensitive information.
  14. A remote code execution vulnerability in Windows Network File System can be exploited remotely to execute arbitrary code.
  15. A remote code execution vulnerability in Remote Desktop Client can be exploited remotely to execute arbitrary code.
  16. An information disclosure vulnerability in Windows iSCSI Target Service can be exploited remotely to obtain sensitive information.
  17. A denial of service vulnerability in Remote Procedure Call Runtime can be exploited remotely to cause denial of service.
  18. A security feature bypass vulnerability in Windows Driver Revocation List can be exploited remotely to bypass security restrictions.
  19. A remote code execution vulnerability in Windows Lightweight Directory Access Protocol (LDAP) can be exploited remotely to execute arbitrary code.
  20. A denial of service vulnerability in Windows Pragmatic General Multicast (PGM) can be exploited remotely to cause denial of service.
  21. A remote code execution vulnerability in Windows Secure Socket Tunneling Protocol (SSTP) can be exploited remotely to execute arbitrary code.
  22. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
  23. An information disclosure vulnerability in Windows NFS Portmapper can be exploited remotely to obtain sensitive information.
  24. An information disclosure vulnerability in Windows Bluetooth Driver can be exploited remotely to obtain sensitive information.
  25. A denial of service vulnerability in Windows SMB can be exploited remotely to cause denial of service.

Original advisories

CVE-2023-24947

CVE-2023-29324

CVE-2023-24946

CVE-2023-24900

CVE-2023-24939

CVE-2023-29341

CVE-2023-29325

CVE-2023-24932

CVE-2023-24948

CVE-2023-24902

CVE-2023-24899

CVE-2023-24943

CVE-2023-28290

CVE-2023-24941

CVE-2023-24905

CVE-2023-24945

CVE-2023-24942

CVE-2023-28251

CVE-2023-28283

CVE-2023-24940

CVE-2023-24903

CVE-2023-29340

CVE-2023-24949

CVE-2023-24901

CVE-2023-29336

CVE-2023-24944

CVE-2023-24898

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit.

Related products

Microsoft-Windows

Microsoft-Windows-Server

Microsoft-Windows-Server-2012

Microsoft-Windows-10

Microsoft-Windows-Server-2016

Microsoft-Windows-Server-2019

Microsoft-Windows-11

Microsoft-Remote-Desktop

CVE list

CVE-2023-24947 critical

CVE-2023-29324 high

CVE-2023-24946 critical

CVE-2023-24900 high

CVE-2023-24939 critical

CVE-2023-29341 critical

CVE-2023-29325 critical

CVE-2023-24932 high

CVE-2023-24948 high

CVE-2023-24902 critical

CVE-2023-24899 high

CVE-2023-24943 critical

CVE-2023-28290 high

CVE-2023-24941 critical

CVE-2023-24905 critical

CVE-2023-24945 high

CVE-2023-24942 critical

CVE-2023-28251 high

CVE-2023-28283 critical

CVE-2023-24940 critical

CVE-2023-24903 critical

CVE-2023-29340 critical

CVE-2023-24949 critical

CVE-2023-24901 critical

CVE-2023-29336 critical

CVE-2023-24944 high

CVE-2023-24898 critical

KB list

5026363

5026382

5026456

5026372

5026362

5026370

5026368

5026361

5040448

5040434

5040437

5040430

5040442

5040427

5040438

5040431

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Impacts

  • ACE: Arbitrary code execution. Exploitation of vulnerabilities with this impact can allow an abuser to execute any code or commands on the vulnerable machine or process.

  • OSI: Obtain sensitive information. Exploitation of vulnerabilities with this impact can allow an abuser to capture information that is critical for the user or system.

  • DoS: Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or a critical functional fault.

  • SB: Security bypass. Exploitation of vulnerabilities with this impact can allow actions that are restricted by the current security settings.

  • PE: Privilege escalation. Exploitation of vulnerabilities with this impact can allow an abuser to perform actions that are normally disallowed for the current role.

Affected Products

  • Windows Server 2012 (Server Core installation)
  • Windows 10 Version 1809 for ARM64-based Systems
  • Windows 10 Version 22H2 for x64-based Systems
  • AV1 Video Extension
  • Windows Server 2016 (Server Core installation)
  • Windows 10 Version 20H2 for ARM64-based Systems
  • Windows 10 for 32-bit Systems
  • Windows 11 Version 22H2 for x64-based Systems
  • Windows 10 Version 21H2 for 32-bit Systems
  • Windows 10 Version 22H2 for 32-bit Systems
  • Windows 11 version 21H2 for ARM64-based Systems
  • Windows 10 Version 20H2 for x64-based Systems
  • Windows Server 2022 (Server Core installation)
  • Windows Server 2022
  • Windows 10 Version 1607 for 32-bit Systems
  • Microsoft Remote Desktop
  • Windows 10 Version 22H2 for ARM64-based Systems
  • Windows 11 version 21H2 for x64-based Systems
  • Windows 10 Version 21H2 for x64-based Systems
  • Windows Server 2019
  • Windows Server 2012 R2
  • Windows 10 Version 1809 for 32-bit Systems
  • Windows Server 2012
  • Windows Server 2019 (Server Core installation)
  • Windows 11 Version 22H2 for ARM64-based Systems
  • Windows 10 Version 1809 for x64-based Systems
  • Windows Server 2016
  • Windows 10 Version 20H2 for 32-bit Systems
  • Windows 10 for x64-based Systems
  • Windows 10 Version 1607 for x64-based Systems
  • Windows 10 Version 21H2 for ARM64-based Systems
  • Windows Server 2012 R2 (Server Core installation)
