History: May 10, 2022 - 12:00 a.m.

KLA12524 Multiple vulnerabilities in Microsoft Products (ESU)

2022-05-10 00:00:00
Kaspersky Lab
threats.kaspersky.com
52

CVSS3: 9.8 High

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.8 High (Confidence: High)

CVSS2: 9.3 High

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.897 High (Percentile: 98.8%)

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, bypass security restrictions, gain privileges, cause denial of service, and spoof the user interface.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in Windows LDAP can be exploited remotely to execute arbitrary code.
  2. An information disclosure vulnerability in Windows Server Service can be exploited remotely to obtain sensitive information.
  3. A remote code execution vulnerability in Windows Fax Service can be exploited remotely to execute arbitrary code.
  4. A security feature bypass vulnerability in BitLocker can be exploited remotely to bypass security restrictions.
  5. An elevation of privilege vulnerability in Windows Kerberos can be exploited remotely to gain privileges.
  6. A remote code execution vulnerability in Remote Procedure Call Runtime can be exploited remotely to execute arbitrary code.
  7. An information disclosure vulnerability in Windows Graphics Component can be exploited remotely to obtain sensitive information.
  8. A remote code execution vulnerability in Windows Network File System can be exploited remotely to execute arbitrary code.
  9. An elevation of privilege vulnerability in Windows Remote Access Connection Manager can be exploited remotely to gain privileges.
  10. An information disclosure vulnerability in Windows Remote Desktop Protocol (RDP) can be exploited remotely to gain privileges.
  11. An elevation of privilege vulnerability in Windows Print Spooler can be exploited remotely to gain privileges.
  12. A remote code execution vulnerability in Windows Address Book can be exploited remotely to execute arbitrary code.
  13. A remote code execution vulnerability in Point-to-Point Tunneling Protocol can be exploited remotely to execute arbitrary code.
  14. A denial of service vulnerability in Windows WLAN AutoConfig Service can be exploited remotely to cause denial of service.
  15. A spoofing vulnerability in Windows LSA can be exploited remotely to spoof user interface.
  16. A remote code execution vulnerability in Microsoft Windows Media Foundation can be exploited remotely to execute arbitrary code.
  17. An information disclosure vulnerability in Windows Graphics Component can be exploited remotely to gain privileges.
  18. An information disclosure vulnerability in Windows WLAN AutoConfig Service can be exploited remotely to gain privileges.
  19. An elevation of privilege vulnerability in Windows Cluster Shared Volume (CSV) can be exploited remotely to gain privileges.
  20. An information disclosure vulnerability in Windows Print Spooler can be exploited remotely to gain privileges.
  21. An elevation of privilege vulnerability in Windows Clustered Shared Volume can be exploited remotely to gain privileges.
  22. An elevation of privilege vulnerability in Active Directory Domain Services can be exploited remotely to gain privileges.
  23. An information disclosure vulnerability in Windows Failover Cluster can be exploited remotely to obtain sensitive information.
  24. An information disclosure vulnerability in Windows Remote Access Connection Manager can be exploited remotely to gain privileges.
  25. An elevation of privilege vulnerability in Windows Push Notifications Apps can be exploited remotely to gain privileges.
  26. An elevation of privilege vulnerability in Tablet Windows User Interface Application Core can be exploited remotely to gain privileges.
  27. An information disclosure vulnerability in Windows Clustered Shared Volume can be exploited remotely to gain privileges.
  28. An information disclosure vulnerability in Windows NTFS can be exploited remotely to obtain sensitive information.
  29. An information disclosure vulnerability in Windows Clustered Shared Volume can be exploited remotely to obtain sensitive information.

Original advisories

CVE-2022-29137

CVE-2022-22019

CVE-2022-29139

CVE-2022-29129

CVE-2022-29141

CVE-2022-29132

CVE-2022-29130

CVE-2022-29128

CVE-2022-26936

CVE-2022-29115

CVE-2022-29127

CVE-2022-22012

CVE-2022-26931

CVE-2022-22013

CVE-2022-29112

CVE-2022-26937

CVE-2022-29103

CVE-2022-22015

CVE-2022-26926

CVE-2022-23270

CVE-2022-29121

CVE-2022-21972

CVE-2022-26925

CVE-2022-29105

CVE-2022-22011

CVE-2022-26935

CVE-2022-26934

CVE-2022-22014

CVE-2022-29150

CVE-2022-29114

CVE-2022-29138

CVE-2022-26923

CVE-2022-29135

CVE-2022-29104

CVE-2022-29102

CVE-2022-26930

CVE-2022-29151

CVE-2022-29125

CVE-2022-29126

CVE-2022-29123

CVE-2022-26933

CVE-2022-29120

CVE-2022-29134

CVE-2022-29122

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit.

Related products

Microsoft-Windows

Microsoft-Windows-Server

Microsoft-Windows-Server-2012

Microsoft-Windows-7

Microsoft-Windows-Server-2008

CVE list

CVE-2022-29137 critical

CVE-2022-26936 high

CVE-2022-29115 critical

CVE-2022-29127 warning

CVE-2022-22012 critical

CVE-2022-26931 critical

CVE-2022-22013 critical

CVE-2022-22019 critical

CVE-2022-29139 critical

CVE-2022-29129 critical

CVE-2022-29141 critical

CVE-2022-29112 high

CVE-2022-26937 critical

CVE-2022-29103 critical

CVE-2022-22015 high

CVE-2022-29132 critical

CVE-2022-29130 critical

CVE-2022-26926 critical

CVE-2022-23270 critical

CVE-2022-29121 high

CVE-2022-21972 critical

CVE-2022-26925 high

CVE-2022-29105 critical

CVE-2022-22011 high

CVE-2022-26935 high

CVE-2022-29128 critical

CVE-2022-26934 high

CVE-2022-22014 critical

CVE-2022-29104 critical

CVE-2022-29102 high

CVE-2022-29151 high

CVE-2022-29122 high

CVE-2022-29150 high

CVE-2022-29125 high

CVE-2022-29138 high

CVE-2022-26933 high

CVE-2022-29135 high

CVE-2022-29134 high

CVE-2022-26923 critical

CVE-2022-26930 high

CVE-2022-29123 high

CVE-2022-29120 high

CVE-2022-29126 high

CVE-2022-29114 high

KB list

5014010

5013999

5014006

5014012

5014018

5014001

5014011

5014017

5025288

5025285

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can allow an attacker to execute any code or commands on the vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can allow an attacker to capture information that is critical for the user or system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or a critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can allow actions that are restricted by the current security settings.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can allow an attacker to perform actions that are normally disallowed for the current role.

  • SUI

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in the user interface that trick the user into inaccurate behavior.

Affected Products

  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows 7 for 32-bit Systems Service Pack 1
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
  • Windows 7 for x64-based Systems Service Pack 1
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Windows Server 2012 R2 (Server Core installation)
  • Windows Server 2012 R2
  • Windows Server 2012
  • Windows Server 2012 (Server Core installation)
