Kaspersky LabKLA50775KLA50775 Multiple vulnerabilities in Microsoft Products (ESU)
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.1 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.468 Medium
EPSS
Percentile
97.4%
Detect date:
07/11/2023
Severity:
Critical
Description:
Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, execute arbitrary code, gain privileges, bypass security restrictions.
Exploitation:
Public exploits exist for this vulnerability.
Affected products:
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
CVE-2023-33167
CVE-2023-33164
CVE-2023-35316
CVE-2023-35300
CVE-2023-32034
CVE-2023-35312
CVE-2023-32057
CVE-2023-35318
CVE-2023-33169
CVE-2023-35321
CVE-2023-32055
CVE-2023-35345
CVE-2023-35309
CVE-2023-35365
CVE-2023-33168
CVE-2023-35350
CVE-2023-32046
CVE-2023-32044
CVE-2023-35328
CVE-2023-35341
CVE-2023-35332
CVE-2023-35322
CVE-2023-32043
CVE-2023-35344
CVE-2023-36884
CVE-2023-36874
CVE-2023-33166
CVE-2023-32035
CVE-2023-32042
CVE-2023-35314
CVE-2023-33163
CVE-2023-33173
CVE-2023-33154
CVE-2023-32033
CVE-2023-35319
CVE-2023-35299
CVE-2023-32053
CVE-2023-35351
CVE-2023-21526
CVE-2023-32045
CVE-2023-35303
CVE-2023-35367
CVE-2023-35297
CVE-2023-32054
CVE-2023-35366
CVE-2023-33172
CVE-2023-32038
CVE-2023-33174
CVE-2023-35310
CVE-2023-35340
CVE-2023-35346
CVE-2023-35330
CVE-2023-32050
CVE-2023-35338
CVE-2023-35342
ADV230001
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2023-368847.5Critical
CVE-2023-331677.5Critical
CVE-2023-353166.5High
CVE-2023-320347.5Critical
CVE-2023-320579.8Critical
CVE-2023-353186.5High
CVE-2023-331697.5Critical
CVE-2023-353216.5High
CVE-2023-353456.6High
CVE-2023-353097.5Critical
CVE-2023-331687.5Critical
CVE-2023-353507.2High
CVE-2023-320467.8Critical
CVE-2023-353446.6High
CVE-2023-331667.5Critical
CVE-2023-320357.5Critical
CVE-2023-331637.5Critical
CVE-2023-352997.8Critical
CVE-2023-320537.8Critical
CVE-2023-353516.6High
CVE-2023-320457.5Critical
CVE-2023-353679.8Critical
CVE-2023-352977.5Critical
CVE-2023-320547.3High
CVE-2023-320388.8Critical
CVE-2023-331745.5High
CVE-2023-353466.6High
CVE-2023-353387.5Critical
CVE-2023-353427.8Critical
CVE-2023-331646.5High
CVE-2023-353008.8Critical
CVE-2023-353127.8Critical
CVE-2023-320556.7High
CVE-2023-353659.8Critical
CVE-2023-320447.5Critical
CVE-2023-353287.8Critical
CVE-2023-353415.5High
CVE-2023-353228.8Critical
CVE-2023-353326.8High
CVE-2023-320436.8High
CVE-2023-368747.8Critical
CVE-2023-320427.5Critical
CVE-2023-353146.5High
CVE-2023-331737.5Critical
CVE-2023-331549.8Critical
CVE-2023-320337.2High
CVE-2023-353196.5High
CVE-2023-215267.4High
CVE-2023-353038.8Critical
CVE-2023-353669.8Critical
CVE-2023-331727.5Critical
CVE-2023-353106.6High
CVE-2023-353407.8Critical
CVE-2023-353307.5Critical
CVE-2023-320507.0High
KB list:
5028222
5028226
5028240
5028167
5028224
5029304
5029295
5029308
5029312
5029301
5029318
5029296
5029307
Microsoft official advisories:
References
support.microsoft.com/kb/5028167
support.microsoft.com/kb/5028222
support.microsoft.com/kb/5028224
support.microsoft.com/kb/5028226
support.microsoft.com/kb/5028240
support.microsoft.com/kb/5029295
support.microsoft.com/kb/5029296
support.microsoft.com/kb/5029301
support.microsoft.com/kb/5029304
support.microsoft.com/kb/5029307
support.microsoft.com/kb/5029308
support.microsoft.com/kb/5029312
support.microsoft.com/kb/5029318
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21526
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32033
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32034
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32035
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32038
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32042
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32043
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32044
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32045
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32046
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32050
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32053
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32054
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32055
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32057
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33154
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33163
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33164
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33166
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33167
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33168
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33169
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33172
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33173
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33174
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35297
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35299
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35300
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35303
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35309
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35310
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35312
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35314
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35316
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35318
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35319
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35321
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35322
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35328
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35330
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35332
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35338
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35340
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35341
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35342
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35344
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35345
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35346
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35350
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35351
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35365
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35366
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35367
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36874
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36884
msrc.microsoft.com/update-guide/en-US/vulnerability/ADV230001
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21526
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32033
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32034
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32035
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32038
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32042
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32043
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32044
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32045
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32046
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32050
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32053
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32054
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32055
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32057
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33154
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33163
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33164
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33166
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33167
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33168
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33169
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33172
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33173
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33174
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35297
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35299
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35300
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35303
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35309
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35310
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35312
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35314
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35316
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35318
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35319
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35321
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35322
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35328
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35330
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35332
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35338
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35340
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35341
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35342
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35344
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35345
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35346
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35350
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35351
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35365
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35366
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35367
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36874
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884
portal.msrc.microsoft.com/en-us/security-guidance
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2008/
threats.kaspersky.com/en/product/Microsoft-Windows-Server/
threats.kaspersky.com/en/product/Microsoft-Windows/
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.1 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.468 Medium
EPSS
Percentile
97.4%