KLA65126 Multiple vulnerabilities in Microsoft Windows

2024-03-12 00:00:00
Kaspersky Lab
threats.kaspersky.com

CVSS3: 8.8

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: REQUIRED
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 9.7 (Confidence: High)

EPSS: 0.001 (Percentile: 44.5%)

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, gain privileges, obtain sensitive information, bypass security restrictions, and spoof the user interface.

Below is a complete list of vulnerabilities:

  1. A denial of service vulnerability in Microsoft AllJoyn API can be exploited remotely to cause denial of service.
  2. A remote code execution vulnerability in Microsoft WDAC OLE DB provider for SQL Server can be exploited remotely to execute arbitrary code.
  3. A remote code execution vulnerability in Microsoft ODBC Driver can be exploited remotely to execute arbitrary code.
  4. An elevation of privilege vulnerability in NTFS can be exploited remotely to gain privileges.
  5. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
  6. An elevation of privilege vulnerability in Windows Print Spooler can be exploited remotely to gain privileges.
  7. An elevation of privilege vulnerability in Windows Composite Image File System (CimFS) can be exploited remotely to gain privileges.
  8. An elevation of privilege vulnerability in Windows Update Stack can be exploited remotely to gain privileges.
  9. An information disclosure vulnerability in Windows Cloud Files Mini Filter Driver can be exploited remotely to obtain sensitive information.
  10. An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely to gain privileges.
  11. A denial of service vulnerability in Windows Hyper-V can be exploited remotely to cause denial of service.
  12. A remote code execution vulnerability in Windows Hyper-V can be exploited remotely to execute arbitrary code.
  13. A remote code execution vulnerability in Windows USB Attached SCSI (UAS) Protocol can be exploited remotely to execute arbitrary code.
  14. An elevation of privilege vulnerability in Windows Error Reporting Service can be exploited remotely to gain privileges.
  15. A denial of service vulnerability in Windows Kernel can be exploited remotely to cause denial of service.
  16. An information disclosure vulnerability in RFDS can be exploited remotely to obtain sensitive information.
  17. An elevation of privilege vulnerability in Windows USB Print Driver can be exploited remotely to gain privileges.
  18. An elevation of privilege vulnerability in Windows Telephony Server can be exploited remotely to gain privileges.
  19. A denial of service vulnerability in Windows Standards-Based Storage Management Service can be exploited remotely to cause denial of service.
  20. An elevation of privilege vulnerability in Microsoft Windows SCSI Class System File can be exploited remotely to gain privileges.
  21. An information disclosure vulnerability in Windows Kernel can be exploited remotely to obtain sensitive information.
  22. A security feature bypass vulnerability in Hypervisor-Protected Code Integrity (HVCI) can be exploited remotely to bypass security restrictions.
  23. A security feature bypass vulnerability in Windows Kerberos can be exploited remotely to bypass security restrictions.
  24. A remote code execution vulnerability in Windows USB Hub Driver can be exploited remotely to execute arbitrary code.
  25. A tampering vulnerability in Windows Compressed Folder can be exploited remotely to spoof user interface.
  26. An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges.
  27. A denial of service vulnerability in Microsoft QUIC can be exploited remotely to cause denial of service.
  28. A remote code execution vulnerability in Windows OLE can be exploited remotely to execute arbitrary code.

Original advisories

CVE-2024-21438

CVE-2024-21441

CVE-2024-26162

CVE-2024-21446

CVE-2024-21443

CVE-2024-21440

CVE-2024-26182

CVE-2024-21433

CVE-2024-21444

CVE-2024-26173

CVE-2024-26170

CVE-2024-21432

CVE-2024-26160

CVE-2024-21437

CVE-2024-21408

CVE-2024-21407

CVE-2024-21430

CVE-2024-26169

CVE-2024-26181

CVE-2023-28746

CVE-2024-26178

CVE-2024-21445

CVE-2024-21439

CVE-2024-26197

CVE-2024-21434

CVE-2024-21450

CVE-2024-26161

CVE-2024-26159

CVE-2024-21442

CVE-2024-26177

CVE-2024-26176

CVE-2024-26174

CVE-2024-21431

CVE-2024-21427

CVE-2024-21429

CVE-2024-21451

CVE-2024-26185

CVE-2024-21436

CVE-2024-26190

CVE-2024-21435

CVE-2024-26166

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit.

Related products

Microsoft-Windows-10

Microsoft-Windows-Server-2016

Microsoft-Windows-Server-2019

Microsoft-Windows-11

CVE list

CVE-2024-21439 high

CVE-2024-26197 high

CVE-2024-21441 critical

CVE-2024-21450 warning

CVE-2024-26161 critical

CVE-2024-26162 critical

CVE-2024-21446 critical

CVE-2024-26166 critical

CVE-2024-26159 critical

CVE-2024-21440 warning

CVE-2024-26177 high

CVE-2024-21433 high

CVE-2024-21444 critical

CVE-2024-26176 warning

CVE-2024-26173 critical

CVE-2024-21432 high

CVE-2024-21430 warning

CVE-2024-26174 high

CVE-2024-21437 critical

CVE-2024-21407 critical

CVE-2024-21427 critical

CVE-2024-21429 high

CVE-2024-21451 critical

CVE-2024-26169 critical

CVE-2024-21436 critical

CVE-2024-26181 high

CVE-2023-28746 warning

CVE-2024-26178 critical

CVE-2024-21438 critical

CVE-2024-21443 high

CVE-2024-26182 critical

CVE-2024-26170 critical

CVE-2024-26160 warning

CVE-2024-21408 high

CVE-2024-21445 high

CVE-2024-21434 critical

CVE-2024-21442 critical

CVE-2024-21431 critical

CVE-2024-26185 high

CVE-2024-26190 critical

CVE-2024-21435 critical

KB list

5035855

5035856

5035853

5035854

5035849

5035857

5035959

5035858

5035845

5036899

5036909

5036910

5036896

Solution

Install the necessary updates from the KB list that are offered in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Impacts

  • ACE: Arbitrary code execution. Exploitation of vulnerabilities with this impact can allow an attacker to execute any code or commands on the vulnerable machine or process.

  • OSI: Obtain sensitive information. Exploitation of vulnerabilities with this impact can allow an attacker to capture information that is critical for the user or system.

  • DoS: Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or a critical functional fault.

  • SB: Security bypass. Exploitation of vulnerabilities with this impact can allow actions that are restricted by the current security settings.

  • PE: Privilege escalation. Exploitation of vulnerabilities with this impact can allow an attacker to perform actions that are normally disallowed for the current role.

  • SUI: Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in the user interface that deceive the user into incorrect behavior.

Affected Products

  • Windows 10 Version 1607 for x64-based Systems
  • Windows Server 2016 (Server Core installation)
  • Windows 10 Version 22H2 for x64-based Systems
  • Windows 10 for 32-bit Systems
  • Windows Server 2019 (Server Core installation)
  • Windows 10 Version 1809 for ARM64-based Systems
  • Windows 10 Version 1809 for x64-based Systems
  • Windows 10 Version 21H2 for ARM64-based Systems
  • Windows 11 Version 23H2 for ARM64-based Systems
  • Windows Server 2022 (Server Core installation)
  • Windows 10 Version 1809 for 32-bit Systems
  • Windows Server 2019
  • Windows 10 Version 22H2 for ARM64-based Systems
  • Windows 11 version 21H2 for x64-based Systems
  • Windows 10 Version 21H2 for 32-bit Systems
  • Windows 11 version 21H2 for ARM64-based Systems
  • Windows 10 Version 21H2 for x64-based Systems
  • Windows Server 2022, 23H2 Edition (Server Core installation)
  • Windows 10 Version 1607 for 32-bit Systems
  • Windows Server 2016
  • Windows Server 2022
  • Windows 10 for x64-based Systems
  • Windows 11 Version 22H2 for x64-based Systems
  • Windows 11 Version 23H2 for x64-based Systems
  • Windows 11 Version 22H2 for ARM64-based Systems
  • Windows 10 Version 22H2 for 32-bit Systems
