Kaspersky Lab, KLA51710
Aug 08, 2023 - 12:00 a.m.

KLA51710 Multiple vulnerabilities in Microsoft Windows

2023-08-08 00:00:00
Kaspersky Lab
threats.kaspersky.com
microsoft windows
vulnerabilities
privileges
arbitrary code
sensitive information
security restrictions
denial of service
windows 10
windows 11
windows server 2019
windows server 2012
windows server 2016
windows server 2022
updates
cve-2023-35382
cve-2023-38184
cve-2023-20569
cve-2023-36914
cve-2023-35376
cve-2023-35381
cve-2023-35377
cve-2023-36911
cve-2023-35359
cve-2023-36909
cve-2023-35378
cve-2023-38154
cve-2023-36907
cve-2023-35386
cve-2023-36910
cve-2023-36906
cve-2023-35384
cve-2023-38170
cve-2023-36908
cve-2023-38254
cve-2023-36900
cve-2023-36898
cve-2023-35387
cve-2023-36912.

CVSS3: 9.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.6
Confidence: High

EPSS: 0.028
Percentile: 90.8%

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, obtain sensitive information, bypass security restrictions, and cause denial of service.

Below is a complete list of vulnerabilities:

  1. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
  2. A remote code execution vulnerability in Windows Lightweight Directory Access Protocol (LDAP) can be exploited remotely to execute arbitrary code.
  3. An information disclosure vulnerability can be exploited remotely to obtain sensitive information.
  4. A security feature bypass vulnerability in Windows Smart Card Resource Management Server can be exploited remotely to bypass security restrictions.
  5. A denial of service vulnerability in Microsoft Message Queuing can be exploited remotely to cause denial of service.
  6. A remote code execution vulnerability in Windows Fax Service can be exploited remotely to execute arbitrary code.
  7. A remote code execution vulnerability in Microsoft Message Queuing can be exploited remotely to execute arbitrary code.
  8. An elevation of privilege vulnerability in Windows Projected File System can be exploited remotely to gain privileges.
  9. An information disclosure vulnerability in Windows Cryptographic Services can be exploited remotely to obtain sensitive information.
  10. A security feature bypass vulnerability in Windows HTML Platforms can be exploited remotely to bypass security restrictions.
  11. A remote code execution vulnerability in HEVC Video Extensions can be exploited remotely to execute arbitrary code.
  12. An information disclosure vulnerability in Windows Hyper-V can be exploited remotely to obtain sensitive information.
  13. An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely to gain privileges.
  14. A remote code execution vulnerability in Tablet Windows User Interface Application Core can be exploited remotely to execute arbitrary code.
  15. An elevation of privilege vulnerability in Windows Bluetooth A2DP driver can be exploited remotely to gain privileges.
  16. An elevation of privilege vulnerability in Windows Mobile Device Management can be exploited remotely to gain privileges.
  17. An elevation of privilege vulnerability in Windows Cloud Files Mini Filter Driver can be exploited remotely to gain privileges.
  18. A remote code execution vulnerability in Microsoft WDAC OLE DB provider for SQL Server can be exploited remotely to execute arbitrary code.
  19. An elevation of privilege vulnerability in Windows System Assessment Tool can be exploited remotely to gain privileges.
  20. An information disclosure vulnerability in Microsoft Message Queuing can be exploited remotely to obtain sensitive information.
  21. A security feature bypass vulnerability in Windows Group Policy can be exploited remotely to bypass security restrictions.
  22. An information disclosure vulnerability in Windows Wireless Wide Area Network Service (WwanSvc) can be exploited remotely to obtain sensitive information.

Original advisories

CVE-2023-35382

CVE-2023-38184

CVE-2023-20569

CVE-2023-36914

CVE-2023-35376

CVE-2023-35381

CVE-2023-35377

CVE-2023-36911

CVE-2023-35359

CVE-2023-36909

CVE-2023-35378

CVE-2023-38154

CVE-2023-36907

CVE-2023-35386

CVE-2023-36910

CVE-2023-36906

CVE-2023-35384

CVE-2023-38170

CVE-2023-36908

CVE-2023-38254

CVE-2023-36900

CVE-2023-36898

CVE-2023-35387

CVE-2023-36912

CVE-2023-38186

CVE-2023-35380

CVE-2023-36904

CVE-2023-36882

CVE-2023-38172

CVE-2023-36903

CVE-2023-35383

CVE-2023-36889

CVE-2023-35385

CVE-2023-36905

CVE-2023-36913

ADV230004

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit.

Related products

Microsoft-Windows

Microsoft-Windows-Server

Microsoft-Windows-Server-2012

Microsoft-Windows-10

Microsoft-Windows-Server-2016

Microsoft-Windows-Server-2019

Microsoft-Windows-11

CVE list

CVE-2023-35382 critical

CVE-2023-38184 critical

CVE-2023-20569 warning

CVE-2023-36914 high

CVE-2023-35376 high

CVE-2023-35381 critical

CVE-2023-35377 high

CVE-2023-36911 critical

CVE-2023-35359 critical

CVE-2023-36909 high

CVE-2023-35378 high

CVE-2023-38154 critical

CVE-2023-36907 critical

CVE-2023-35386 critical

CVE-2023-36910 critical

CVE-2023-36906 critical

CVE-2023-35384 high

CVE-2023-38170 critical

CVE-2023-36908 high

CVE-2023-38254 high

CVE-2023-36900 critical

CVE-2023-36898 critical

CVE-2023-35387 critical

CVE-2023-36912 critical

CVE-2023-38186 critical

CVE-2023-35380 critical

CVE-2023-36904 critical

CVE-2023-36882 critical

CVE-2023-38172 critical

CVE-2023-36903 critical

CVE-2023-35383 critical

CVE-2023-36889 high

CVE-2023-35385 critical

CVE-2023-36905 critical

CVE-2023-36913 critical

KB list

5029263

5029242

5029259

5029367

5029253

5029244

5029247

5029250

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Impacts

  • ACE: Arbitrary code execution. Exploitation of vulnerabilities with this impact can allow an attacker to execute any code or commands on the vulnerable machine or process.

  • OSI: Obtain sensitive information. Exploitation of vulnerabilities with this impact can allow an attacker to capture information critical to the user or system.

  • DoS: Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or a critical functional fault.

  • SB: Security bypass. Exploitation of vulnerabilities with this impact can allow actions restricted by the current security settings to be performed.

  • PE: Privilege escalation. Exploitation of vulnerabilities with this impact can allow an attacker to perform actions that are normally disallowed for the current role.

Affected Products

  • Windows 10 Version 1607 for 32-bit Systems
  • Windows 11 version 21H2 for x64-based Systems
  • Windows 10 Version 1809 for ARM64-based Systems
  • Windows 10 Version 22H2 for ARM64-based Systems
  • Windows 10 Version 1809 for 32-bit Systems
  • Windows Server 2019 (Server Core installation)
  • Windows Server 2012 (Server Core installation)
  • Windows 10 Version 21H2 for x64-based Systems
  • Windows 10 Version 22H2 for 32-bit Systems
  • Windows 10 Version 22H2 for x64-based Systems
  • Windows 10 Version 1607 for x64-based Systems
  • HEVC Video Extension
  • Windows Server 2016 (Server Core installation)
  • Windows 11 Version 22H2 for x64-based Systems
  • Windows 10 for x64-based Systems
  • Windows 10 Version 21H2 for ARM64-based Systems
  • Windows Server 2019
  • Windows Server 2022
  • Windows Server 2012 R2 (Server Core installation)
  • HEVC Video Extensions
  • Windows 10 for 32-bit Systems
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows 10 Version 21H2 for 32-bit Systems
  • Windows Server 2016
  • Windows 11 version 21H2 for ARM64-based Systems
  • Windows 11 Version 22H2 for ARM64-based Systems
  • Windows 10 Version 1809 for x64-based Systems
  • Windows Server 2022 (Server Core installation)
