KLA63965 Multiple vulnerabilities in Microsoft Products (ESU)

Published: 2024-02-13 00:00:00
Source: Kaspersky Lab (threats.kaspersky.com)
Tags: microsoft products, esu, high severity, arbitrary code execution, sensitive information, denial of service, gain privileges, user interface spoofing, public exploits, windows server 2008, windows server 2008 r2, windows server 2012, windows server 2012 r2, update installation

AI Score: 8.9 High (Confidence: High)

EPSS: 0.037 Low (Percentile: 91.7%)

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service, gain privileges, and spoof the user interface.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in Microsoft WDAC OLE DB provider for SQL Server can be exploited remotely to execute arbitrary code.
  2. A remote code execution vulnerability in Windows Pragmatic General Multicast (PGM) can be exploited remotely to execute arbitrary code.
  3. A remote code execution vulnerability in Microsoft ActiveX Data Objects can be exploited remotely to execute arbitrary code.
  4. An information disclosure vulnerability in Windows Kernel can be exploited remotely to obtain sensitive information.
  5. A DNSSEC verification vulnerability can be exploited remotely to cause denial of service.
  6. A denial of service vulnerability in Internet Connection Sharing (ICS) can be exploited remotely to cause denial of service.
  7. An elevation of privilege vulnerability in Microsoft Message Queuing (MSMQ) can be exploited remotely to gain privileges.
  8. A spoofing vulnerability in Windows Printing Service can be exploited remotely to spoof user interface.
  9. A denial of service vulnerability in Windows Network Address Translation (NAT) can be exploited remotely to cause denial of service.
  10. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
  11. An information disclosure vulnerability in Windows DNS can be exploited remotely to obtain sensitive information.
  12. A denial of service vulnerability in Windows Lightweight Directory Access Protocol (LDAP) can be exploited remotely to cause denial of service.
  13. A remote code execution vulnerability in Windows OLE can be exploited remotely to execute arbitrary code.
  14. A remote code execution vulnerability in Microsoft ODBC Driver can be exploited remotely to execute arbitrary code.
  15. A remote code execution vulnerability in Microsoft Message Queuing (MSMQ) can be exploited remotely to execute arbitrary code.

Original advisories

CVE-2024-21365

CVE-2024-21359

CVE-2024-21368

CVE-2024-21367

CVE-2024-21349

CVE-2024-21340

CVE-2023-50387

CVE-2024-21348

CVE-2024-21360

CVE-2024-21370

CVE-2024-21405

CVE-2024-21355

CVE-2024-21420

CVE-2024-21358

CVE-2024-21361

CVE-2024-21369

CVE-2024-21406

CVE-2024-21350

CVE-2024-21344

CVE-2024-21371

CVE-2024-21377

CVE-2024-21354

CVE-2024-21356

CVE-2024-21391

CVE-2024-21372

CVE-2024-21343

CVE-2024-21352

CVE-2024-21375

CVE-2024-21347

CVE-2024-21366

CVE-2024-21363

CVE-2024-21357

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit.

Related products

Microsoft-Windows

Microsoft-Windows-Server

Microsoft-Windows-Server-2012

Microsoft-Windows-Server-2008

CVE list

CVE-2024-21365 critical

CVE-2024-21357 critical

CVE-2024-21359 critical

CVE-2024-21368 critical

CVE-2024-21367 critical

CVE-2024-21349 critical

CVE-2024-21340 warning

CVE-2023-50387 critical

CVE-2024-21348 critical

CVE-2024-21360 critical

CVE-2024-21370 critical

CVE-2024-21405 high

CVE-2024-21355 high

CVE-2024-21420 critical

CVE-2024-21358 critical

CVE-2024-21361 critical

CVE-2024-21369 critical

CVE-2024-21406 critical

CVE-2024-21350 critical

CVE-2024-21344 high

CVE-2024-21371 high

CVE-2024-21377 high

CVE-2024-21354 critical

CVE-2024-21356 high

CVE-2024-21391 critical

CVE-2024-21372 critical

CVE-2024-21343 high

CVE-2024-21352 critical

CVE-2024-21375 critical

CVE-2024-21347 critical

CVE-2024-21366 critical

CVE-2024-21363 critical

KB list

5034830

5034819

5034809

5034833

5034795

5034831

Solution

Install the necessary updates from the KB list that are offered in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Impacts

  • ACE: Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to an abuser executing any code or commands on the vulnerable machine or process.

  • OSI: Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to an abuser capturing information that is critical for the user or system.

  • DoS: Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • SB: Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

  • PE: Privilege escalation. Exploitation of vulnerabilities with this impact can lead to an abuser performing actions that are normally disallowed for the current role.

  • SUI: Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in the user interface that beguile the user into inaccurate behavior.

  • LoI: Loss of integrity. Exploitation of vulnerabilities with this impact can lead to partial system fault or system components connection disruption.

Affected Products

  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Windows Server 2012 (Server Core installation)
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2012
  • Windows Server 2012 R2 (Server Core installation)
  • Windows Server 2012 R2
  • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
