Kaspersky LabKLA50315KLA50315 Multiple vulnerabilities in Microsoft Windows
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.9 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.14 Low
EPSS
Percentile
96.0%
Detect date:
06/13/2023
Severity:
Critical
Description:
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code, bypass security restrictions, cause denial of service, spoof user interface.
Exploitation:
Public exploits exist for this vulnerability.
Affected products:
Windows 10 Version 1809 for 32-bit Systems
Windows Server 2022
Windows 11 version 21H2 for x64-based Systems
Remote Desktop client for Windows Desktop
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows Server 2022 (Server Core installation)
Windows 11 Version 22H2 for x64-based Systems
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows Server 2016 (Server Core installation)
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows Server 2012 R2
Windows 10 Version 21H2 for ARM64-based Systems
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows Server 2012 R2 (Server Core installation)
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2019 (Server Core installation)
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows Server 2019
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
CVE-2023-29351
CVE-2023-29360
CVE-2023-29355
CVE-2023-32015
CVE-2023-29372
CVE-2023-29371
CVE-2023-32010
CVE-2023-32016
CVE-2023-32022
CVE-2023-29361
CVE-2023-32017
CVE-2023-29367
CVE-2023-29366
CVE-2023-29373
CVE-2023-24937
CVE-2023-29362
CVE-2023-29369
CVE-2023-32013
CVE-2023-29352
CVE-2023-29368
CVE-2023-29358
CVE-2023-32018
CVE-2023-29365
CVE-2023-29370
CVE-2023-32009
CVE-2023-32020
CVE-2023-32019
CVE-2023-32008
CVE-2023-32014
CVE-2023-29359
CVE-2023-29363
CVE-2023-24938
CVE-2023-29346
CVE-2023-29364
CVE-2023-32012
CVE-2023-32021
CVE-2023-32011
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2023-293518.1Critical
CVE-2023-293608.4Critical
CVE-2023-293555.3High
CVE-2023-320159.8Critical
CVE-2023-293728.8Critical
CVE-2023-293717.8Critical
CVE-2023-320107.0High
CVE-2023-320165.5High
CVE-2023-320227.6Critical
CVE-2023-293617.0High
CVE-2023-320177.8Critical
CVE-2023-293677.8Critical
CVE-2023-293667.8Critical
CVE-2023-293738.8Critical
CVE-2023-249376.5High
CVE-2023-293628.8Critical
CVE-2023-293696.5High
CVE-2023-320135.3High
CVE-2023-293526.5High
CVE-2023-293687.0High
CVE-2023-293587.8Critical
CVE-2023-320187.8Critical
CVE-2023-293657.8Critical
CVE-2023-293707.8Critical
CVE-2023-320098.8Critical
CVE-2023-320205.6High
CVE-2023-320194.7Warning
CVE-2023-320087.8Critical
CVE-2023-320149.8Critical
CVE-2023-293597.8Critical
CVE-2023-293639.8Critical
CVE-2023-249386.5High
CVE-2023-293467.8Critical
CVE-2023-293647.0High
CVE-2023-320127.8Critical
CVE-2023-320217.1High
CVE-2023-320117.5Critical
KB list:
5027223
5027225
5027230
5027219
5027215
5027222
5027231
5027319
Microsoft official advisories:
References
support.microsoft.com/kb/5027215
support.microsoft.com/kb/5027219
support.microsoft.com/kb/5027222
support.microsoft.com/kb/5027223
support.microsoft.com/kb/5027225
support.microsoft.com/kb/5027230
support.microsoft.com/kb/5027231
support.microsoft.com/kb/5027319
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24937
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24938
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29346
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29351
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29352
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29355
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29358
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29359
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29360
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29361
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29362
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29363
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29364
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29365
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29366
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29367
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29368
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29369
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29370
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29371
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29372
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29373
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32008
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32009
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32010
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32011
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32012
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32013
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32014
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32015
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32016
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32017
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32018
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32019
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32020
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32021
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32022
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24937
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24938
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29346
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29351
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29352
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29355
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29358
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29359
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29360
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29361
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29362
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29363
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29364
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29365
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29366
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29367
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29368
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29369
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29370
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29371
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29372
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29373
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32008
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32009
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32010
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32011
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32012
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32013
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32014
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32015
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32016
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32017
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32018
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32019
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32020
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32021
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32022
portal.msrc.microsoft.com/en-us/security-guidance
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Microsoft-Remote-Desktop/
threats.kaspersky.com/en/product/Microsoft-Windows-10/
threats.kaspersky.com/en/product/Microsoft-Windows-11/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2012/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2016/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2019/
threats.kaspersky.com/en/product/Microsoft-Windows-Server/
threats.kaspersky.com/en/product/Microsoft-Windows/
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.9 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.14 Low
EPSS
Percentile
96.0%