Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA61980
HistoryNov 14, 2023 - 12:00 a.m.

KLA61980 Multiple vulnerabilities in Microsoft Products (ESU)

2023-11-1400:00:00
Kaspersky Lab
threats.kaspersky.com
41
microsoft products
extended security update
security restrictions bypass
denial of service
arbitrary code execution
privilege gain
sensitive information
public exploits
windows server 2012
windows server 2008
windows server 2008 r2
windows server 2012 r2

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

AI Score

Confidence

High

0.05 Low

EPSS

Percentile

92.9%

JSON

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code, gain privileges, obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. A security feature bypass vulnerability in Windows SmartScreen can be exploited remotely to bypass security restrictions.
  2. A denial of service vulnerability in DHCP Server Service can be exploited remotely to cause denial of service.
  3. A memory corruption vulnerability in Windows Scripting Engine can be exploited remotely to execute arbitrary code.
  4. A remote code execution vulnerability in Windows User Interface Application Core can be exploited remotely to execute arbitrary code.
  5. An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges.
  6. A remote code execution vulnerability in Microsoft Remote Registry Service can be exploited remotely to execute arbitrary code.
  7. An information disclosure vulnerability in Windows NTFS can be exploited remotely to obtain sensitive information.
  8. A remote code execution vulnerability in Windows Distributed File System (DFS) can be exploited remotely to execute arbitrary code.
  9. A denial of service vulnerability in Windows Deployment Services can be exploited remotely to cause denial of service.
  10. An elevation of privilege vulnerability in Windows Cloud Files Mini Filter Driver can be exploited remotely to gain privileges.
  11. An information disclosure vulnerability in Microsoft Local Security Authority Subsystem Service can be exploited remotely to obtain sensitive information.
  12. A remote code execution vulnerability in Microsoft WDAC OLE DB provider for SQL Server can be exploited remotely to execute arbitrary code.
  13. An elevation of privilege vulnerability in Microsoft Speech Application Programming Interface (SAPI) can be exploited remotely to gain privileges.
  14. An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely to gain privileges.
  15. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
  16. A remote code execution vulnerability in Windows Pragmatic General Multicast (PGM) can be exploited remotely to execute arbitrary code.

Original advisories

CVE-2023-36025

CVE-2023-36392

CVE-2023-36017

CVE-2023-36393

CVE-2023-36705

CVE-2023-36423

CVE-2023-36398

CVE-2023-36425

CVE-2023-36395

CVE-2023-36401

CVE-2023-36036

CVE-2023-36428

CVE-2023-36402

CVE-2023-36719

CVE-2023-36424

CVE-2023-36403

CVE-2023-36397

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-Windows

Microsoft-Windows-Server

Microsoft-Windows-Server-2012

Microsoft-Windows-Server-2008

CVE list

CVE-2023-36025 critical

CVE-2023-36392 critical

CVE-2023-36017 critical

CVE-2023-36423 critical

CVE-2023-36705 critical

CVE-2023-36398 high

CVE-2023-36425 critical

CVE-2023-36395 critical

CVE-2023-36393 critical

CVE-2023-36401 high

CVE-2023-36036 critical

CVE-2023-36428 high

CVE-2023-36402 critical

CVE-2023-36719 critical

CVE-2023-36424 critical

CVE-2023-36403 high

CVE-2023-36397 critical

KB list

5032254

5032248

5032252

5032247

5032249

5032250

5032191

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

  • Windows Server 2012 (Server Core installation)Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2008 for 32-bit Systems Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)Windows Server 2012 R2Windows Server 2008 for x64-based Systems Service Pack 2Windows Server 2008 R2 for x64-based Systems Service Pack 1

References

Related

mskb 16
nessus 11
openvas 6
kaspersky 1
talosblog 2
cve 17
prion 17
cvelist 17
nvd 17
mscve 17
vulnrichment 7
cisa_kev 2
attackerkb 2
githubexploit 3
thn 11
hivepro 2
trendmicroblog 1
rapid7blog 2
malwarebytes 1
qualysblog 1
krebs 2
avleonov 1
googleprojectzero 1
mskb
mskb
November 14, 2023—KB5032249 (Monthly Rollup)
2023-11-14 08:00:00
November 14, 2023—KB5032250 (Security-only update)
2023-11-14 08:00:00
November 14, 2023—KB5032254 (Monthly Rollup)
2023-11-14 08:00:00
nessus
nessus
KB5032249: Windows Server 2012 R2 Security Update (November 2023)
2023-11-14 00:00:00
KB5032250: Windows Server 2008 R2 Security Update (November 2023)
2023-11-14 00:00:00
KB5032248: Windows Server 2008 Security Update (November 2023)
2023-11-14 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB5032199)
2023-11-16 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5032197)
2023-11-16 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5032189)
2023-11-16 00:00:00
kaspersky
kaspersky
KLA61975 Multiple vulnerabilities in Microsoft Windows
2023-11-14 00:00:00
talosblog
talosblog
Microsoft discloses only three critical vulnerabilities in November’s Patch Tuesday update, three other zero-days
2023-11-14 19:46:02
We all just need to agree that ad blockers are good
2023-11-16 19:00:39
cve
cve
CVE-2023-36392
2023-11-14 18:15:37
CVE-2023-36395
2023-11-14 18:15:38
CVE-2023-36719
2023-11-14 18:15:50
prion
prion
Denial of service
2023-11-14 18:15:00
Denial of service
2023-11-14 18:15:00
Privilege escalation
2023-11-14 18:15:00
cvelist
cvelist
CVE-2023-36395 Windows Deployment Services Denial of Service Vulnerability
2023-11-14 17:57:25
CVE-2023-36705 Windows Installer Elevation of Privilege Vulnerability
2023-11-14 17:57:05
CVE-2023-36719 Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability
2023-11-14 17:57:04
nvd
nvd
CVE-2023-36395
2023-11-14 18:15:38
CVE-2023-36017
2023-11-14 18:15:31
CVE-2023-36401
2023-11-14 18:15:41
mscve
mscve
Windows Installer Elevation of Privilege Vulnerability
2023-11-14 08:00:00
Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability
2023-11-14 08:00:00
Windows Distributed File System (DFS) Remote Code Execution Vulnerability
2023-11-14 08:00:00
vulnrichment
vulnrichment
CVE-2023-36017 Windows Scripting Engine Memory Corruption Vulnerability
2023-11-14 17:57:15
CVE-2023-36398 Windows NTFS Information Disclosure Vulnerability
2023-11-14 17:57:24
CVE-2023-36424 Windows Common Log File System Driver Elevation of Privilege Vulnerability
2023-11-14 17:57:08
cisa_kev
cisa_kev
Microsoft Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability
2023-11-14 00:00:00
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability
2023-11-14 00:00:00
attackerkb
attackerkb
CVE-2023-36036
2023-11-14 00:00:00
CVE-2023-36025
2023-11-14 00:00:00
githubexploit
githubexploit
Exploit for Out-of-bounds Read in Microsoft
2024-03-21 21:39:24
Exploit for CVE-2023-36025
2023-12-28 23:29:04
Exploit for CVE-2023-36025
2023-11-17 15:46:44
thn
thn
Decoy Microsoft Word Documents Used to Deliver Nim-Based Malware
2023-12-22 12:46:00
Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice
2024-03-27 07:56:00
Mispadu Trojan Targets Europe, Thousands of Credentials Compromised
2024-04-03 09:32:00
hivepro
hivepro
Attacks, Vulnerabilities and Actors 5 to 11 February 2024
2024-02-13 11:12:58
Mispadu Leverages CVE-2023-36025 Vulnerability in Latest Attack
2024-02-08 14:06:16
trendmicroblog
trendmicroblog
CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign
2024-01-12 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - November 2023
2023-11-14 21:27:09
Patch Tuesday - February 2024
2024-02-13 21:26:21
malwarebytes
malwarebytes
Update now! Microsoft patches 3 actively exploited zero-days
2023-11-15 22:04:31
qualysblog
qualysblog
Microsoft and Adobe Patch Tuesday, November 2023 Security Update Review
2023-11-14 20:29:03
krebs
krebs
Microsoft Patch Tuesday, November 2023 Edition
2023-11-14 23:00:59
Fat Patch Tuesday, February 2024 Edition
2024-02-13 22:28:48
avleonov
avleonov
November 2023 – January 2024: New Vulristics Features, 3 Months of Microsoft Patch Tuesdays and Linux Patch Wednesdays, Year 2023 in Review
2024-02-01 17:07:20
googleprojectzero
googleprojectzero
The Windows Registry Adventure #1: Introduction and research results
2024-04-18 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

AI Score

Confidence

High

0.05 Low

EPSS

Percentile

92.9%

JSON
Related for KLA61980
mskb16nessus11openvas6kaspersky1talosblog2cve17prion17cvelist17nvd17mscve17vulnrichment7cisa_kev2attackerkb2githubexploit3thn11hivepro2trendmicroblog1rapid7blog2malwarebytes1qualysblog1krebs2avleonov1googleprojectzero1