
KLA50774 Multiple vulnerabilities in Microsoft Windows

2023-07-11 00:00:00
Kaspersky Lab
threats.kaspersky.com
microsoft windows; public exploits; arbitrary code; denial of service; sensitive information; security restrictions; gain privileges; spoof user interface; windows 10; windows 11; windows server 2016; windows server 2019; windows server 2022; cve-2023-33167; cve-2023-35316; cve-2023-32034; cve-2023-32057; cve-2023-35318

CVSS3: 9.8

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 10 (Confidence: High)

EPSS: 0.1 (Percentile: 94.9%)

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, bypass security restrictions, gain privileges, and spoof the user interface.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in Office and Windows HTML can be exploited remotely to execute arbitrary code.
  2. A denial of service vulnerability in Remote Procedure Call Runtime can be exploited remotely to cause denial of service.
  3. An information disclosure vulnerability in Remote Procedure Call Runtime can be exploited remotely to obtain sensitive information.
  4. A remote code execution vulnerability in Microsoft Message Queuing can be exploited remotely to execute arbitrary code.
  5. A security feature bypass vulnerability in Azure Active Directory can be exploited remotely to bypass security restrictions.
  6. A denial of service vulnerability in Windows Deployment Services can be exploited remotely to cause denial of service.
  7. An elevation of privilege vulnerability in Connected User Experiences and Telemetry can be exploited remotely to gain privileges.
  8. A remote code execution vulnerability in Windows DNS Server can be exploited remotely to execute arbitrary code.
  9. A denial of service vulnerability in Windows Local Security Authority (LSA) can be exploited remotely to cause denial of service.
  10. A remote code execution vulnerability in Windows Active Directory Certificate Services (AD CS) can be exploited remotely to execute arbitrary code.
  11. An information disclosure vulnerability in VP9 Video Extensions can be exploited remotely to obtain sensitive information.
  12. A remote code execution vulnerability in Windows OLE can be exploited remotely to execute arbitrary code.
  13. An elevation of privilege vulnerability in Windows MSHTML Platform can be exploited remotely to gain privileges.
  14. A security feature bypass vulnerability in Windows Remote Desktop can be exploited remotely to bypass security restrictions.
  15. A remote code execution vulnerability in Windows Network Load Balancing can be exploited remotely to execute arbitrary code.
  16. An information disclosure vulnerability in Windows Print Spooler can be exploited remotely to obtain sensitive information.
  17. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
  18. A remote code execution vulnerability in Raw Image Extension can be exploited remotely to execute arbitrary code.
  19. An elevation of privilege vulnerability in Microsoft Install Service can be exploited remotely to gain privileges.
  20. An information disclosure vulnerability in Microsoft PostScript and PCL6 Class Printer Driver can be exploited remotely to obtain sensitive information.
  21. An elevation of privilege vulnerability in Win32k can be exploited remotely to gain privileges.
  22. An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely to gain privileges.
  23. A denial of service vulnerability in Windows CryptoAPI can be exploited remotely to cause denial of service.
  24. An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges.
  25. An elevation of privilege vulnerability in Windows Server Update Service (WSUS) can be exploited remotely to gain privileges.
  26. A spoofing vulnerability in Windows Admin Center can be exploited remotely to spoof user interface.
  27. A denial of service vulnerability in Microsoft Message Queuing can be exploited remotely to cause denial of service.
  28. A remote code execution vulnerability in Windows Geolocation Service can be exploited remotely to execute arbitrary code.
  29. A remote code execution vulnerability in Windows Routing and Remote Access Service (RRAS) can be exploited remotely to execute arbitrary code.
  30. A remote code execution vulnerability in Windows Pragmatic General Multicast (PGM) can be exploited remotely to execute arbitrary code.
  31. An elevation of privilege vulnerability in Volume Shadow Copy can be exploited remotely to gain privileges.
  32. A remote code execution vulnerability in Microsoft ODBC Driver can be exploited remotely to execute arbitrary code.
  33. An information disclosure vulnerability in Windows Cryptographic can be exploited remotely to obtain sensitive information.
  34. An information disclosure vulnerability in Windows Layer-2 Bridge Network Driver can be exploited remotely to obtain sensitive information.
  35. A denial of service vulnerability in Windows Peer Name Resolution Protocol can be exploited remotely to cause denial of service.
  36. An elevation of privilege vulnerability in Windows Image Acquisition can be exploited remotely to gain privileges.
  37. A remote code execution vulnerability in Windows Online Certificate Status Protocol (OCSP) SnapIn can be exploited remotely to execute arbitrary code.
  38. A remote code execution vulnerability in Remote Procedure Call Runtime can be exploited remotely to execute arbitrary code.
  39. An elevation of privilege vulnerability in Microsoft VOLSNAP.SYS can be exploited remotely to gain privileges.
  40. An elevation of privilege vulnerability in Active Template Library can be exploited remotely to gain privileges.
  41. An information disclosure vulnerability in Windows CDP User Components can be exploited remotely to obtain sensitive information.
  42. An elevation of privilege vulnerability in Windows Transaction Manager can be exploited remotely to gain privileges.
  43. An information disclosure vulnerability in Microsoft DirectMusic can be exploited remotely to obtain sensitive information.
  44. A remote code execution vulnerability in Windows Deployment Services can be exploited remotely to execute arbitrary code.
  45. A security bypass vulnerability in Windows Remote Desktop Protocol can be exploited remotely to bypass security restrictions.
  46. An elevation of privilege vulnerability in Windows Win32k can be exploited remotely to gain privileges.
  47. An elevation of privilege vulnerability in Windows Error Reporting Service can be exploited remotely to gain privileges.
  48. A remote code execution vulnerability in Windows Layer-2 Bridge Network Driver can be exploited remotely to execute arbitrary code.
  49. An information disclosure vulnerability in OLE Automation can be exploited remotely to obtain sensitive information.
  50. A security feature bypass vulnerability in Windows MSHTML Platform can be exploited remotely to bypass security restrictions.
  51. A remote code execution vulnerability in Microsoft PostScript and PCL6 Class Printer Driver can be exploited remotely to execute arbitrary code.
  52. A denial of service vulnerability in HTTP.sys can be exploited remotely to cause denial of service.
  53. An elevation of privilege vulnerability in Windows Partition Management Driver can be exploited remotely to gain privileges.
  54. A remote code execution vulnerability in Microsoft Failover Cluster can be exploited remotely to execute arbitrary code.
  55. A denial of service vulnerability in Windows Authentication can be exploited remotely to cause denial of service.
  56. An information disclosure vulnerability in Windows Netlogon can be exploited remotely to obtain sensitive information.
  57. A remote code execution vulnerability in USB Audio Class System Driver can be exploited remotely to execute arbitrary code.
  58. An elevation of privilege vulnerability in Windows Clip Service can be exploited remotely to gain privileges.
  59. An elevation of privilege vulnerability in Windows Cloud Files Mini Filter Driver can be exploited remotely to gain privileges.
  60. An elevation of privilege vulnerability in Windows CNG Key Isolation Service can be exploited remotely to gain privileges.
  61. A security feature bypass vulnerability in Windows SmartScreen can be exploited remotely to bypass security restrictions.
  62. An information disclosure vulnerability in Windows Update Orchestrator Service can be exploited remotely to obtain sensitive information.
  63. A denial of service vulnerability in Windows Extended Negotiation can be exploited remotely to cause denial of service.
  64. An information disclosure vulnerability in Microsoft Failover Cluster can be exploited remotely to obtain sensitive information.
  65. A security feature bypass vulnerability in Active Directory Federation Service can be exploited remotely to bypass security restrictions.

Original advisories

CVE-2023-33167

CVE-2023-35316

CVE-2023-32034

CVE-2023-32057

CVE-2023-35318

CVE-2023-33169

CVE-2023-36871

CVE-2023-35321

CVE-2023-35320

CVE-2023-35345

CVE-2023-35331

CVE-2023-35309

CVE-2023-33168

CVE-2023-35350

CVE-2023-36872

CVE-2023-35323

CVE-2023-32046

CVE-2023-35344

CVE-2023-35352

CVE-2023-33166

CVE-2023-32035

CVE-2023-33163

CVE-2023-35325

CVE-2023-35356

CVE-2023-32051

CVE-2023-35347

CVE-2023-35296

CVE-2023-32085

CVE-2023-35337

CVE-2023-35364

CVE-2023-35299

CVE-2023-35358

CVE-2023-35339

CVE-2023-32053

CVE-2023-35351

CVE-2023-35363

CVE-2023-35317

CVE-2023-29347

CVE-2023-32045

CVE-2023-35353

CVE-2023-35343

CVE-2023-35367

CVE-2023-35297

CVE-2023-32054

CVE-2023-32056

CVE-2023-32038

CVE-2023-33174

CVE-2023-35346

CVE-2023-32037

CVE-2023-35338

CVE-2023-35342

CVE-2023-35313

CVE-2023-33164

CVE-2023-35300

CVE-2023-35312

CVE-2023-32040

CVE-2023-35360

CVE-2023-32055

CVE-2023-35326

CVE-2023-32039

CVE-2023-35365

CVE-2023-32044

CVE-2023-35328

CVE-2023-35341

CVE-2023-35322

CVE-2023-35332

CVE-2023-32043

CVE-2023-21756

CVE-2023-35361

CVE-2023-36884

CVE-2023-36874

CVE-2023-35315

CVE-2023-32042

CVE-2023-35308

CVE-2023-35314

CVE-2023-35302

CVE-2023-33173

CVE-2023-35298

CVE-2023-33154

CVE-2023-32033

CVE-2023-35357

CVE-2023-35329

CVE-2023-35319

CVE-2023-35336

CVE-2023-35304

CVE-2023-32084

CVE-2023-35306

CVE-2023-35324

CVE-2023-21526

CVE-2023-35303

CVE-2023-35366

CVE-2023-33172

CVE-2023-35362

CVE-2023-33155

CVE-2023-35305

CVE-2023-35310

CVE-2023-35340

CVE-2023-32049

CVE-2023-32041

CVE-2023-35330

CVE-2023-32083

CVE-2023-35348

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit.

Related products

Microsoft-Windows

Microsoft-Windows-Server

Microsoft-Windows-Server-2012

Microsoft-Windows-10

Microsoft-Windows-Server-2016

Microsoft-Windows-Server-2019

Microsoft-Windows-11

CVE list

CVE-2023-36884 critical

CVE-2023-33167 critical

CVE-2023-35316 high

CVE-2023-32034 critical

CVE-2023-32057 critical

CVE-2023-35318 high

CVE-2023-33169 critical

CVE-2023-36871 high

CVE-2023-35321 high

CVE-2023-35320 critical

CVE-2023-35345 high

CVE-2023-35331 high

CVE-2023-35309 critical

CVE-2023-33168 critical

CVE-2023-35350 high

CVE-2023-36872 high

CVE-2023-35323 critical

CVE-2023-32046 critical

CVE-2023-35344 high

CVE-2023-35352 critical

CVE-2023-33166 critical

CVE-2023-32035 critical

CVE-2023-33163 critical

CVE-2023-35325 critical

CVE-2023-35356 critical

CVE-2023-32051 critical

CVE-2023-35347 high

CVE-2023-35296 high

CVE-2023-32085 high

CVE-2023-35337 critical

CVE-2023-35364 critical

CVE-2023-35299 critical

CVE-2023-35358 critical

CVE-2023-35339 critical

CVE-2023-32053 critical

CVE-2023-35351 high

CVE-2023-35363 critical

CVE-2023-35317 critical

CVE-2023-29347 high

CVE-2023-32045 critical

CVE-2023-35353 critical

CVE-2023-35343 critical

CVE-2023-35367 critical

CVE-2023-35297 critical

CVE-2023-32054 high

CVE-2023-32056 critical

CVE-2023-32038 critical

CVE-2023-33174 high

CVE-2023-35346 high

CVE-2023-32037 high

CVE-2023-35338 critical

CVE-2023-35342 critical

CVE-2023-35313 critical

CVE-2023-33164 high

CVE-2023-35300 critical

CVE-2023-35312 critical

CVE-2023-32040 high

CVE-2023-35360 high

CVE-2023-32055 high

CVE-2023-35326 high

CVE-2023-32039 high

CVE-2023-35365 critical

CVE-2023-32044 critical

CVE-2023-35328 critical

CVE-2023-35341 high

CVE-2023-35322 critical

CVE-2023-35332 high

CVE-2023-32043 high

CVE-2023-21756 critical

CVE-2023-35361 high

CVE-2023-36874 critical

CVE-2023-35315 critical

CVE-2023-32042 critical

CVE-2023-35308 high

CVE-2023-35314 high

CVE-2023-35302 critical

CVE-2023-33173 critical

CVE-2023-35298 critical

CVE-2023-33154 critical

CVE-2023-32033 high

CVE-2023-35357 critical

CVE-2023-35329 high

CVE-2023-35319 high

CVE-2023-35336 high

CVE-2023-35304 critical

CVE-2023-32084 critical

CVE-2023-35306 high

CVE-2023-35324 high

CVE-2023-21526 high

CVE-2023-35303 critical

CVE-2023-35366 critical

CVE-2023-33172 critical

CVE-2023-35362 critical

CVE-2023-33155 critical

CVE-2023-35305 critical

CVE-2023-35310 high

CVE-2023-35340 critical

CVE-2023-32049 critical

CVE-2023-32041 high

CVE-2023-35330 critical

CVE-2023-32083 warning

CVE-2023-35348 high

ADV230001 unknown

ADV230002 unknown

KB list

5028182

5028185

5028186

5028166

5028171

5028168

5028169

5029263

5029242

5029259

5029367

5029253

5029244

5029247

5029250

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Impacts

  • ACE: Arbitrary code execution. Exploitation of vulnerabilities with this impact can allow an attacker to execute any code or commands on the vulnerable machine or process.
  • OSI: Obtain sensitive information. Exploitation of vulnerabilities with this impact can allow an attacker to capture information that is critical for the user or system.
  • DoS: Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or a critical functional fault.
  • SB: Security bypass. Exploitation of vulnerabilities with this impact can allow actions that are restricted by the current security settings.
  • PE: Privilege escalation. Exploitation of vulnerabilities with this impact can allow an attacker to perform actions that are normally disallowed for the current role.
  • SUI: Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in the user interface that mislead the user into incorrect behavior.

Affected Products

  • Windows 11 version 21H2 for ARM64-based Systems
  • Windows Server 2016 (Server Core installation)
  • Windows Server 2019 (Server Core installation)
  • Windows 10 Version 21H2 for x64-based Systems
  • Windows Server 2022 (Server Core installation)
  • Windows Server 2016
  • Windows 10 Version 22H2 for ARM64-based Systems
  • Windows Server 2012 (Server Core installation)
  • Windows Server 2012 R2 (Server Core installation)
  • Windows 10 Version 1607 for x64-based Systems
  • Windows 10 for x64-based Systems
  • Windows 10 for 32-bit Systems
  • Windows 11 Version 22H2 for ARM64-based Systems
  • Windows 11 Version 22H2 for x64-based Systems
  • Windows Server 2019
  • Windows 10 Version 1607 for 32-bit Systems
  • Windows Server 2022
  • Raw Image Extension
  • Windows 10 Version 1809 for x64-based Systems
  • Windows 10 Version 21H2 for 32-bit Systems
  • Windows 10 Version 22H2 for x64-based Systems
  • Windows 10 Version 22H2 for 32-bit Systems
  • Windows 10 Version 1809 for ARM64-based Systems
  • Windows 11 version 21H2 for x64-based Systems
  • Windows 10 Version 21H2 for ARM64-based Systems
  • Windows Admin Center
  • Windows Server 2012 R2
  • Windows 10 Version 1809 for 32-bit Systems
  • VP9 Video Extensions
  • Windows Server 2012
