Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA51712
HistoryAug 08, 2023 - 12:00 a.m.

KLA51712 Multiple vulnerabilities in Microsoft Products (ESU)

2023-08-0800:00:00
Kaspersky Lab
threats.kaspersky.com
24

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.05 Low

EPSS

Percentile

92.6%

JSON

Detect date:

08/08/2023

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges, cause denial of service, bypass security restrictions.

Exploitation:

Public exploits exist for this vulnerability.

Affected products:

Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 (Server Core installation)
Windows Server 2012

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2023-38184
CVE-2023-36908
CVE-2023-38254
CVE-2023-20569
CVE-2023-35376
CVE-2023-36900
CVE-2023-35381
CVE-2023-35377
CVE-2023-36911
CVE-2023-35359
CVE-2023-36912
CVE-2023-36909
CVE-2023-35380
CVE-2023-36876
CVE-2023-36907
CVE-2023-36882
CVE-2023-36910
CVE-2023-36906
CVE-2023-38172
CVE-2023-36903
CVE-2023-35383
CVE-2023-36889
CVE-2023-35385
CVE-2023-36913
CVE-2023-35379
CVE-2023-35387
CVE-2023-35384

Impacts:

ACE

Related products:

Microsoft Windows

CVE-IDS:

CVE-2023-381847.5Critical
CVE-2023-205694.7Warning
CVE-2023-353766.5High
CVE-2023-353818.8Critical
CVE-2023-353776.5High
CVE-2023-369119.8Critical
CVE-2023-353597.8Critical
CVE-2023-369096.5High
CVE-2023-369077.5Critical
CVE-2023-369109.8Critical
CVE-2023-369067.5Critical
CVE-2023-353846.5High
CVE-2023-369086.5High
CVE-2023-382546.5High
CVE-2023-369007.8Critical
CVE-2023-353878.8Critical
CVE-2023-369127.5Critical
CVE-2023-353807.8Critical
CVE-2023-368828.8Critical
CVE-2023-381727.5Critical
CVE-2023-369039.8Critical
CVE-2023-353837.5Critical
CVE-2023-368895.5High
CVE-2023-353859.8Critical
CVE-2023-369137.5Critical
CVE-2023-368767.1High
CVE-2023-353797.8Critical

KB list:

5029304
5029295
5029308
5029243
5029312
5029301
5029318
5029296
5029307

Microsoft official advisories:

References

Related

nessus 38
mskb 17
openvas 21
kaspersky 1
qualysblog 1
rapid7blog 1
talosblog 1
prion 27
cve 27
mscve 27
githubexploit 1
zdi 3
oraclelinux 5
xen 1
debiancve 1
ubuntucve 1
amd 1
hp 1
veracode 1
thn 1
osv 5
ubuntu 1
redhat 8
cloudfoundry 1
almalinux 1
redhatcve 1
hivepro 1
fedora 2
debian 1
centos 1
nessus
nessus
KB5029304: Windows Server 2012 R2 Security Update (August 2023)
2023-08-08 00:00:00
KB5029307: Windows Server 2008 R2 Security Update (August 2023)
2023-08-08 00:00:00
KB5029308: Windows Server 2012 Security Update (August 2023)
2023-08-08 00:00:00
mskb
mskb
August 8, 2023—KB5029304 (Security-only update)
2023-08-08 07:00:00
August 8, 2023—KB5029296 (Monthly Rollup)
2023-08-08 07:00:00
August 8, 2023—KB5029307 (Security-only update)
2023-08-08 07:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB5029259)
2023-08-09 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5029242)
2023-08-09 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5029247)
2023-08-09 00:00:00
kaspersky
kaspersky
KLA51710 Multiple vulnerabilities in Microsoft Windows
2023-08-08 00:00:00
qualysblog
qualysblog
Microsoft and Adobe Patch Tuesday, August 2023 Security Update Review
2023-08-08 20:35:59
rapid7blog
rapid7blog
Patch Tuesday - August 2023
2023-08-08 21:11:35
talosblog
talosblog
Six critical vulnerabilities included in August’s Microsoft security update
2023-08-08 19:25:42
prion
prion
Privilege escalation
2023-08-08 18:15:00
Privilege escalation
2023-08-08 18:15:00
Privilege escalation
2023-08-08 18:15:00
cve
cve
CVE-2023-35379
2023-08-08 18:15:12
CVE-2023-36876
2023-08-08 18:15:14
CVE-2023-35383
2023-08-08 18:15:13
mscve
mscve
Reliability Analysis Metrics Calculation Engine (RACEng) Elevation of Privilege Vulnerability
2023-08-08 07:00:00
Reliability Analysis Metrics Calculation (RacTask) Elevation of Privilege Vulnerability
2023-08-08 07:00:00
Windows HTML Platforms Security Feature Bypass Vulnerability
2023-08-08 07:00:00
githubexploit
githubexploit
Exploit for Vulnerability in Microsoft
2023-11-08 10:39:19
zdi
zdi
Microsoft Windows Bluetooth AVDTP Protocol Integer Underflow Information Disclosure Vulnerability
2023-08-14 00:00:00
Microsoft Windows CLFS Incorrect Integer Conversion Local Privilege Escalation Vulnerability
2023-08-14 00:00:00
Microsoft Windows Error Reporting Local Privilege Escalation Vulnerability
2023-08-15 00:00:00
oraclelinux
oraclelinux
linux-firmware security update
2023-08-08 00:00:00
linux-firmware security update
2023-08-08 00:00:00
linux-firmware security update
2023-08-08 00:00:00
xen
xen
x86/AMD: Speculative Return Stack Overflow
2023-08-08 15:53:00
debiancve
debiancve
CVE-2023-20569
2023-08-08 18:15:11
ubuntucve
ubuntucve
CVE-2023-20569
2023-08-08 00:00:00
amd
amd
Return Address Security Bulletin
2023-08-08 00:00:00
hp
hp
AMD Client UEFI Firmware Return Address Security Update
2023-12-07 00:00:00
veracode
veracode
Information Disclosure
2023-08-13 09:11:17
thn
thn
Microsoft Releases Patches for 74 New Vulnerabilities in August Update
2023-08-09 04:26:00
osv
osv
amd64-microcode vulnerability
2023-08-30 00:46:25
CVE-2023-20569
2023-08-08 18:15:11
Moderate: linux-firmware security, bug fix, and enhancement update
2023-11-14 00:00:00
ubuntu
ubuntu
AMD Microcode vulnerability
2023-08-30 00:00:00
redhat
redhat
(RHSA-2023:7109) Moderate: linux-firmware security, bug fix, and enhancement update
2023-11-14 08:45:30
(RHSA-2024:2005) Moderate: linux-firmware security update
2024-04-23 16:19:59
(RHSA-2024:0433) Moderate: linux-firmware security update
2024-01-24 14:40:38
cloudfoundry
cloudfoundry
USN-6319-1: AMD Microcode vulnerability | Cloud Foundry
2023-10-05 00:00:00
almalinux
almalinux
Moderate: linux-firmware security, bug fix, and enhancement update
2023-11-14 00:00:00
redhatcve
redhatcve
CVE-2023-20569
2023-08-08 19:18:52
hivepro
hivepro
Zero-Click Outlook RCE Exploitation Chain in Windows
2023-12-26 12:02:53
fedora
fedora
[SECURITY] Fedora 37 Update: kernel-6.4.9-100.fc37
2023-08-10 00:43:46
[SECURITY] Fedora 38 Update: xen-4.17.2-1.fc38
2023-08-16 01:22:32
debian
debian
[SECURITY] [DLA 3525-1] linux-5.10 security update
2023-08-11 17:21:29
centos
centos
iwl100, iwl1000, iwl105, iwl135, iwl2000, iwl2030, iwl3160, iwl3945, iwl4965, iwl5000, iwl5150, iwl6000, iwl6000g2a, iwl6000g2b, iwl6050, iwl7260, linux security update
2024-01-12 19:14:06

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.05 Low

EPSS

Percentile

92.6%

JSON
Related for KLA51712
nessus38mskb17openvas21kaspersky1qualysblog1rapid7blog1talosblog1prion27cve27mscve27githubexploit1zdi3oraclelinux5xen1debiancve1ubuntucve1amd1hp1veracode1thn1osv5ubuntu1redhat8cloudfoundry1almalinux1redhatcve1hivepro1fedora2debian1centos1