Lucene search

K
kasperskyKaspersky LabKLA51712
HistoryAug 08, 2023 - 12:00 a.m.

KLA51712 Multiple vulnerabilities in Microsoft Products (ESU)

2023-08-0800:00:00
Kaspersky Lab
threats.kaspersky.com
30
microsoft products
esu
malicious users
arbitrary code
sensitive information
privileges
denial of service
security restrictions
public exploits
windows server
control panel
kb section
ace
threats
cve-ids.

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.028

Percentile

90.8%

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges, cause denial of service, bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in Windows Lightweight Directory Access Protocol (LDAP) can be exploited remotely to execute arbitrary code.
  2. An information disclosure vulnerability can be exploited remotely to obtain sensitive information.
  3. A denial of service vulnerability in Microsoft Message Queuing can be exploited remotely to cause denial of service.
  4. A remote code execution vulnerability in Windows Fax Service can be exploited remotely to execute arbitrary code.
  5. A remote code execution vulnerability in Microsoft Message Queuing can be exploited remotely to execute arbitrary code.
  6. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
  7. An information disclosure vulnerability in Windows Cryptographic Services can be exploited remotely to obtain sensitive information.
  8. An information disclosure vulnerability in Windows Hyper-V can be exploited remotely to obtain sensitive information.
  9. An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely to gain privileges.
  10. A remote code execution vulnerability in Microsoft WDAC OLE DB provider for SQL Server can be exploited remotely to execute arbitrary code.
  11. An elevation of privilege vulnerability in Windows System Assessment Tool can be exploited remotely to gain privileges.
  12. An information disclosure vulnerability in Microsoft Message Queuing can be exploited remotely to obtain sensitive information.
  13. A security feature bypass vulnerability in Windows Group Policy can be exploited remotely to bypass security restrictions.
  14. An elevation of privilege vulnerability in Reliability Analysis Metrics Calculation (RacTask) can be exploited remotely to gain privileges.
  15. An elevation of privilege vulnerability in Reliability Analysis Metrics Calculation Engine (RACEng) can be exploited remotely to gain privileges.
  16. An elevation of privilege vulnerability in Windows Bluetooth A2DP driver can be exploited remotely to gain privileges.
  17. A security feature bypass vulnerability in Windows HTML Platforms can be exploited remotely to bypass security restrictions.

Original advisories

CVE-2023-38184

CVE-2023-36908

CVE-2023-38254

CVE-2023-20569

CVE-2023-35376

CVE-2023-36900

CVE-2023-35381

CVE-2023-35377

CVE-2023-36911

CVE-2023-35359

CVE-2023-36912

CVE-2023-36909

CVE-2023-35380

CVE-2023-36876

CVE-2023-36907

CVE-2023-36882

CVE-2023-36910

CVE-2023-36906

CVE-2023-38172

CVE-2023-36903

CVE-2023-35383

CVE-2023-36889

CVE-2023-35385

CVE-2023-36913

CVE-2023-35379

CVE-2023-35387

CVE-2023-35384

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-Windows

Microsoft-Windows-Server

Microsoft-Windows-Server-2012

Microsoft-Windows-Server-2008

CVE list

CVE-2023-38184 critical

CVE-2023-20569 warning

CVE-2023-35376 high

CVE-2023-35381 critical

CVE-2023-35377 high

CVE-2023-36911 critical

CVE-2023-35359 critical

CVE-2023-36909 high

CVE-2023-36907 critical

CVE-2023-36910 critical

CVE-2023-36906 critical

CVE-2023-35384 high

CVE-2023-36908 high

CVE-2023-38254 high

CVE-2023-36900 critical

CVE-2023-35387 critical

CVE-2023-36912 critical

CVE-2023-35380 critical

CVE-2023-36882 critical

CVE-2023-38172 critical

CVE-2023-36903 critical

CVE-2023-35383 critical

CVE-2023-36889 high

CVE-2023-35385 critical

CVE-2023-36913 critical

CVE-2023-36876 high

CVE-2023-35379 critical

KB list

5029304

5029295

5029308

5029243

5029312

5029301

5029318

5029296

5029307

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

  • Windows Server 2008 R2 for x64-based Systems Service Pack 1Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2008 for 32-bit Systems Service Pack 2Windows Server 2008 for x64-based Systems Service Pack 2Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Windows Server 2012 R2Windows Server 2012 R2 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2012

References

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.028

Percentile

90.8%