Kaspersky Lab, KLA50775
Jul 11, 2023 - 12:00 a.m.

KLA50775 Multiple vulnerabilities in Microsoft Products (ESU)

2023-07-11 00:00:00
Kaspersky Lab
threats.kaspersky.com
microsoft products
vulnerabilities
denial of service
sensitive information
arbitrary code
security restrictions
public exploits
windows server 2008 r2
windows server 2008

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.113

Percentile

95.3%

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, gain privileges, and bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in Office and Windows HTML can be exploited remotely to execute arbitrary code.
  2. A denial of service vulnerability in Remote Procedure Call Runtime can be exploited remotely to cause denial of service.
  3. An information disclosure vulnerability in Remote Procedure Call Runtime can be exploited remotely to obtain sensitive information.
  4. A remote code execution vulnerability in Microsoft Message Queuing can be exploited remotely to execute arbitrary code.
  5. A denial of service vulnerability in Windows Deployment Services can be exploited remotely to cause denial of service.
  6. A remote code execution vulnerability in Windows DNS Server can be exploited remotely to execute arbitrary code.
  7. A remote code execution vulnerability in Windows Active Directory Certificate Services (AD CS) can be exploited remotely to execute arbitrary code.
  8. An elevation of privilege vulnerability in Windows MSHTML Platform can be exploited remotely to gain privileges.
  9. A remote code execution vulnerability in Windows Network Load Balancing can be exploited remotely to execute arbitrary code.
  10. An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely to gain privileges.
  11. An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges.
  12. A denial of service vulnerability in Microsoft Message Queuing can be exploited remotely to cause denial of service.
  13. A remote code execution vulnerability in Windows Routing and Remote Access Service (RRAS) can be exploited remotely to execute arbitrary code.
  14. A remote code execution vulnerability in Windows Pragmatic General Multicast (PGM) can be exploited remotely to execute arbitrary code.
  15. An elevation of privilege vulnerability in Volume Shadow Copy can be exploited remotely to gain privileges.
  16. A remote code execution vulnerability in Microsoft ODBC Driver can be exploited remotely to execute arbitrary code.
  17. An information disclosure vulnerability in Windows Cryptographic can be exploited remotely to obtain sensitive information.
  18. A denial of service vulnerability in Windows Peer Name Resolution Protocol can be exploited remotely to cause denial of service.
  19. An elevation of privilege vulnerability in Windows Image Acquisition can be exploited remotely to gain privileges.
  20. A remote code execution vulnerability in Remote Procedure Call Runtime can be exploited remotely to execute arbitrary code.
  21. An elevation of privilege vulnerability in Microsoft VOLSNAP.SYS can be exploited remotely to gain privileges.
  22. An elevation of privilege vulnerability in Active Template Library can be exploited remotely to gain privileges.
  23. An elevation of privilege vulnerability in Windows Transaction Manager can be exploited remotely to gain privileges.
  24. An information disclosure vulnerability in Microsoft DirectMusic can be exploited remotely to obtain sensitive information.
  25. A remote code execution vulnerability in Windows Deployment Services can be exploited remotely to execute arbitrary code.
  26. A security bypass vulnerability in Windows Remote Desktop Protocol can be exploited remotely to bypass security restrictions.
  27. A security feature bypass vulnerability in Windows Remote Desktop can be exploited remotely to bypass security restrictions.
  28. An elevation of privilege vulnerability in Windows Error Reporting Service can be exploited remotely to gain privileges.
  29. An information disclosure vulnerability in OLE Automation can be exploited remotely to obtain sensitive information.
  30. An elevation of privilege vulnerability in Windows Partition Management Driver can be exploited remotely to gain privileges.
  31. A remote code execution vulnerability in Microsoft Failover Cluster can be exploited remotely to execute arbitrary code.
  32. An information disclosure vulnerability in Windows Netlogon can be exploited remotely to obtain sensitive information.
  33. A remote code execution vulnerability in USB Audio Class System Driver can be exploited remotely to execute arbitrary code.
  34. An elevation of privilege vulnerability in Windows CNG Key Isolation Service can be exploited remotely to gain privileges.
  35. A denial of service vulnerability in Windows Extended Negotiation can be exploited remotely to cause denial of service.
  36. An elevation of privilege vulnerability in Windows Win32k can be exploited remotely to gain privileges.
  37. A security feature bypass vulnerability in Windows MSHTML Platform can be exploited remotely to bypass security restrictions.
  38. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
  39. An information disclosure vulnerability in Windows Print Spooler can be exploited remotely to obtain sensitive information.
  40. An information disclosure vulnerability in Microsoft PostScript and PCL6 Class Printer Driver can be exploited remotely to obtain sensitive information.
  41. A denial of service vulnerability in Windows Authentication can be exploited remotely to cause denial of service.
  42. An elevation of privilege vulnerability in Windows Server Update Service (WSUS) can be exploited remotely to gain privileges.
  43. A denial of service vulnerability in Windows Local Security Authority (LSA) can be exploited remotely to cause denial of service.
  44. A remote code execution vulnerability in Microsoft PostScript and PCL6 Class Printer Driver can be exploited remotely to execute arbitrary code.

Original advisories

CVE-2023-33167

CVE-2023-33164

CVE-2023-35316

CVE-2023-35300

CVE-2023-32034

CVE-2023-35312

CVE-2023-32057

CVE-2023-35318

CVE-2023-33169

CVE-2023-35321

CVE-2023-32055

CVE-2023-35345

CVE-2023-35309

CVE-2023-35365

CVE-2023-33168

CVE-2023-35350

CVE-2023-32046

CVE-2023-32044

CVE-2023-35328

CVE-2023-35341

CVE-2023-35332

CVE-2023-35322

CVE-2023-32043

CVE-2023-35344

CVE-2023-36884

CVE-2023-36874

CVE-2023-33166

CVE-2023-32035

CVE-2023-32042

CVE-2023-35314

CVE-2023-33163

CVE-2023-33173

CVE-2023-33154

CVE-2023-32033

CVE-2023-35319

CVE-2023-35299

CVE-2023-32053

CVE-2023-35351

CVE-2023-21526

CVE-2023-32045

CVE-2023-35303

CVE-2023-35367

CVE-2023-35297

CVE-2023-32054

CVE-2023-35366

CVE-2023-33172

CVE-2023-32038

CVE-2023-33174

CVE-2023-35310

CVE-2023-35340

CVE-2023-35346

CVE-2023-35330

CVE-2023-32050

CVE-2023-35338

CVE-2023-35342

CVE-2023-21756

CVE-2023-35336

CVE-2023-35361

CVE-2023-35352

CVE-2023-35325

CVE-2023-32085

CVE-2023-35324

CVE-2023-35296

CVE-2023-35329

CVE-2023-32039

CVE-2023-35306

CVE-2023-35317

CVE-2023-35331

CVE-2023-32040

CVE-2023-35308

CVE-2023-35360

CVE-2023-35302

ADV230002

ADV230001

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit.

Related products

Microsoft-Windows

Microsoft-Windows-Server

Microsoft-Windows-Server-2012

Microsoft-Windows-Server-2008

CVE list

CVE-2023-36884 critical

CVE-2023-33167 critical

CVE-2023-35316 high

CVE-2023-32034 critical

CVE-2023-32057 critical

CVE-2023-35318 high

CVE-2023-33169 critical

CVE-2023-35321 high

CVE-2023-35345 high

CVE-2023-35331 high

CVE-2023-35309 critical

CVE-2023-33168 critical

CVE-2023-35350 high

CVE-2023-32046 critical

CVE-2023-35344 high

CVE-2023-35352 critical

CVE-2023-33166 critical

CVE-2023-32035 critical

CVE-2023-33163 critical

CVE-2023-35325 critical

CVE-2023-35296 high

CVE-2023-32085 high

CVE-2023-35299 critical

CVE-2023-32053 critical

CVE-2023-35351 high

CVE-2023-35317 critical

CVE-2023-32045 critical

CVE-2023-35367 critical

CVE-2023-35297 critical

CVE-2023-32054 high

CVE-2023-32038 critical

CVE-2023-33174 high

CVE-2023-35346 high

CVE-2023-35338 critical

CVE-2023-35342 critical

CVE-2023-33164 high

CVE-2023-35300 critical

CVE-2023-35312 critical

CVE-2023-32040 high

CVE-2023-35360 high

CVE-2023-32055 high

CVE-2023-32039 high

CVE-2023-35365 critical

CVE-2023-32044 critical

CVE-2023-35328 critical

CVE-2023-35341 high

CVE-2023-35322 critical

CVE-2023-35332 high

CVE-2023-32043 high

CVE-2023-21756 critical

CVE-2023-35361 high

CVE-2023-36874 critical

CVE-2023-32042 critical

CVE-2023-35308 high

CVE-2023-35314 high

CVE-2023-35302 critical

CVE-2023-33173 critical

CVE-2023-33154 critical

CVE-2023-32033 high

CVE-2023-35329 high

CVE-2023-35319 high

CVE-2023-35336 high

CVE-2023-35306 high

CVE-2023-35324 high

CVE-2023-21526 high

CVE-2023-35303 critical

CVE-2023-35366 critical

CVE-2023-33172 critical

CVE-2023-35310 high

CVE-2023-35340 critical

CVE-2023-35330 critical

CVE-2023-32050 high

KB list

5028223

5028228

5028232

5028233

5028222

5028226

5028240

5028167

5028224

5029304

5029295

5029308

5029312

5029301

5029318

5029296

5029307

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Impacts

  • ACE: Arbitrary code execution. Exploitation of vulnerabilities with this impact can allow an attacker to execute any code or commands on the vulnerable machine or process.

  • OSI: Obtain sensitive information. Exploitation of vulnerabilities with this impact can allow an attacker to capture information that is critical for the user or system.

  • DoS: Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or a critical functional fault.

  • SB: Security bypass. Exploitation of vulnerabilities with this impact can allow actions that are restricted by the current security settings.

  • PE: Privilege escalation. Exploitation of vulnerabilities with this impact can allow an attacker to perform actions that are normally disallowed for the current role.

Affected Products

  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2012
  • Windows Server 2012 R2 (Server Core installation)
  • Windows Server 2012 R2
  • Windows Server 2012 (Server Core installation)
