Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA51710
HistoryAug 08, 2023 - 12:00 a.m.

KLA51710 Multiple vulnerabilities in Microsoft Windows

2023-08-0800:00:00
Kaspersky Lab
threats.kaspersky.com
50

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.05 Low

EPSS

Percentile

92.6%

JSON

Detect date:

08/08/2023

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, obtain sensitive information, bypass security restrictions, cause denial of service.

Exploitation:

Public exploits exist for this vulnerability.

Affected products:

Windows 10 Version 1607 for 32-bit Systems
Windows 11 version 21H2 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows Server 2012 (Server Core installation)
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 10 Version 1607 for x64-based Systems
HEVC Video Extension
Windows Server 2016 (Server Core installation)
Windows 11 Version 22H2 for x64-based Systems
Windows 10 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows Server 2019
Windows Server 2022
Windows Server 2012 R2 (Server Core installation)
HEVC Video Extensions
Windows 10 for 32-bit Systems
Windows Server 2012
Windows Server 2012 R2
Windows 10 Version 21H2 for 32-bit Systems
Windows Server 2016
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows Server 2022 (Server Core installation)

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2023-35382
CVE-2023-38184
CVE-2023-20569
CVE-2023-36914
CVE-2023-35376
CVE-2023-35381
CVE-2023-35377
CVE-2023-36911
CVE-2023-35359
CVE-2023-36909
CVE-2023-35378
CVE-2023-38154
CVE-2023-36907
CVE-2023-35386
CVE-2023-36910
CVE-2023-36906
CVE-2023-35384
CVE-2023-38170
CVE-2023-36908
CVE-2023-38254
CVE-2023-36900
CVE-2023-36898
CVE-2023-35387
CVE-2023-36912
CVE-2023-38186
CVE-2023-35380
CVE-2023-36904
CVE-2023-36882
CVE-2023-38172
CVE-2023-36903
CVE-2023-35383
CVE-2023-36889
CVE-2023-35385
CVE-2023-36905
CVE-2023-36913
ADV230004

Impacts:

ACE

Related products:

Microsoft Windows

CVE-IDS:

CVE-2023-353827.8Critical
CVE-2023-381847.5Critical
CVE-2023-205694.7Warning
CVE-2023-369145.5High
CVE-2023-353766.5High
CVE-2023-353818.8Critical
CVE-2023-353776.5High
CVE-2023-369119.8Critical
CVE-2023-353597.8Critical
CVE-2023-369096.5High
CVE-2023-353787.0High
CVE-2023-381547.8Critical
CVE-2023-369077.5Critical
CVE-2023-353867.8Critical
CVE-2023-369109.8Critical
CVE-2023-369067.5Critical
CVE-2023-353846.5High
CVE-2023-381707.8Critical
CVE-2023-369086.5High
CVE-2023-382546.5High
CVE-2023-369007.8Critical
CVE-2023-368987.8Critical
CVE-2023-353878.8Critical
CVE-2023-369127.5Critical
CVE-2023-381869.8Critical
CVE-2023-353807.8Critical
CVE-2023-369047.8Critical
CVE-2023-368828.8Critical
CVE-2023-381727.5Critical
CVE-2023-369039.8Critical
CVE-2023-353837.5Critical
CVE-2023-368895.5High
CVE-2023-353859.8Critical
CVE-2023-369057.5Critical
CVE-2023-369137.5Critical

KB list:

5029263
5029242
5029259
5029367
5029253
5029244
5029247
5029250

Microsoft official advisories:

References

Related

mskb 17
openvas 15
nessus 30
kaspersky 1
qualysblog 1
thn 1
rapid7blog 1
talosblog 1
cve 35
prion 35
cnvd 1
mscve 35
githubexploit 1
zdi 3
oraclelinux 5
xen 1
debiancve 1
ubuntucve 1
amd 1
veracode 1
hp 1
ubuntu 1
redhat 3
cloudfoundry 1
osv 3
almalinux 1
redhatcve 1
hivepro 1
mskb
mskb
August 8, 2023—KB5029263 (OS Build 22621.2134)
2023-08-08 07:00:00
August 8, 2023—KB5029253 (OS Build 22000.2295)
2023-08-08 07:00:00
August 8, 2023—KB5029250 (OS Build 20348.1906)
2023-08-08 07:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB5029253)
2023-08-09 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5029263)
2023-08-09 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5029244)
2023-08-09 00:00:00
nessus
nessus
KB5029263: Windows 11 version 22H2 Security Update (August 2023)
2023-08-08 00:00:00
KB5029253: Windows 11 version 21H2 Security Update (August 2023)
2023-08-08 00:00:00
KB5029250: Windows 2022 / Azure Stack HCI 22H2 Security Update (August 2023)
2023-08-08 00:00:00
kaspersky
kaspersky
KLA51712 Multiple vulnerabilities in Microsoft Products (ESU)
2023-08-08 00:00:00
qualysblog
qualysblog
Microsoft and Adobe Patch Tuesday, August 2023 Security Update Review
2023-08-08 20:35:59
thn
thn
Microsoft Releases Patches for 74 New Vulnerabilities in August Update
2023-08-09 04:26:00
rapid7blog
rapid7blog
Patch Tuesday - August 2023
2023-08-08 21:11:35
talosblog
talosblog
Six critical vulnerabilities included in August’s Microsoft security update
2023-08-08 19:25:42
cve
cve
CVE-2023-38154
2023-08-08 18:15:22
CVE-2023-38170
2023-08-08 18:15:22
CVE-2023-35382
2023-08-08 18:15:13
prion
prion
Privilege escalation
2023-08-08 18:15:00
Security feature bypass
2023-08-08 18:15:00
Privilege escalation
2023-08-08 18:15:00
cnvd
cnvd
Microsoft HEVC Video Extensions Remote Code Execution Vulnerability (CNVD-2023-64870)
2023-08-12 00:00:00
mscve
mscve
Windows Kernel Elevation of Privilege Vulnerability
2023-08-08 07:00:00
Windows Kernel Elevation of Privilege Vulnerability
2023-08-08 07:00:00
Windows Projected File System Elevation of Privilege Vulnerability
2023-08-08 07:00:00
githubexploit
githubexploit
Exploit for Vulnerability in Microsoft
2023-11-08 10:39:19
zdi
zdi
Microsoft Windows Bluetooth AVDTP Protocol Integer Underflow Information Disclosure Vulnerability
2023-08-14 00:00:00
Microsoft Windows CLFS Incorrect Integer Conversion Local Privilege Escalation Vulnerability
2023-08-14 00:00:00
Microsoft Windows Error Reporting Local Privilege Escalation Vulnerability
2023-08-15 00:00:00
oraclelinux
oraclelinux
linux-firmware security update
2023-08-08 00:00:00
linux-firmware security update
2023-08-08 00:00:00
linux-firmware security update
2023-08-08 00:00:00
xen
xen
x86/AMD: Speculative Return Stack Overflow
2023-08-08 15:53:00
debiancve
debiancve
CVE-2023-20569
2023-08-08 18:15:11
ubuntucve
ubuntucve
CVE-2023-20569
2023-08-08 00:00:00
amd
amd
Return Address Security Bulletin
2023-08-08 00:00:00
veracode
veracode
Information Disclosure
2023-08-13 09:11:17
hp
hp
AMD Client UEFI Firmware Return Address Security Update
2023-12-07 00:00:00
ubuntu
ubuntu
AMD Microcode vulnerability
2023-08-30 00:00:00
redhat
redhat
(RHSA-2023:7109) Moderate: linux-firmware security, bug fix, and enhancement update
2023-11-14 08:45:30
(RHSA-2024:2005) Moderate: linux-firmware security update
2024-04-23 16:19:59
(RHSA-2024:0433) Moderate: linux-firmware security update
2024-01-24 14:40:38
cloudfoundry
cloudfoundry
USN-6319-1: AMD Microcode vulnerability | Cloud Foundry
2023-10-05 00:00:00
osv
osv
CVE-2023-20569
2023-08-08 18:15:11
amd64-microcode vulnerability
2023-08-30 00:46:25
Moderate: linux-firmware security, bug fix, and enhancement update
2023-11-14 00:00:00
almalinux
almalinux
Moderate: linux-firmware security, bug fix, and enhancement update
2023-11-14 00:00:00
redhatcve
redhatcve
CVE-2023-20569
2023-08-08 19:18:52
hivepro
hivepro
Zero-Click Outlook RCE Exploitation Chain in Windows
2023-12-26 12:02:53

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.05 Low

EPSS

Percentile

92.6%

JSON
Related for KLA51710
mskb17openvas15nessus30kaspersky1qualysblog1thn1rapid7blog1talosblog1cve35prion35cnvd1mscve35githubexploit1zdi3oraclelinux5xen1debiancve1ubuntucve1amd1veracode1hp1ubuntu1redhat3cloudfoundry1osv3almalinux1redhatcve1hivepro1