Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11871
HistoryNov 12, 2019 - 12:00 a.m.

KLA11871 Multiple vulnerabilities in Microsoft Products (ESU)

2019-11-1200:00:00
Kaspersky Lab
threats.kaspersky.com
22

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

10 High

AI Score

Confidence

Low

0.971 High

EPSS

Percentile

99.8%

JSON

Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, execute arbitrary code, obtain sensitive information, bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. A denial of service vulnerability in Windows Hyper-V can be exploited remotely via specially crafted application to cause denial of service;
  2. An elevation of privilege vulnerability in Win32k can be exploited remotely via specially crafted application to gain privileges;
  3. A remote code execution vulnerability in Hyper-V can be exploited remotely via specially crafted application to execute arbitrary code;
  4. An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges;
  5. A remote code execution vulnerability in Win32k Graphics can be exploited remotely via specially crafted embedded to execute arbitrary code;
  6. An elevation of privilege vulnerability in Windows UPnP Service can be exploited remotely via specially crafted script to gain privileges;
  7. A remote code execution vulnerability in Jet Database Engine can be exploited remotely via specially crafted file to execute arbitrary code;
  8. An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely via specially crafted application to gain privileges;
  9. A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
  10. An information disclosure vulnerability in Windows Kernel can be exploited remotely via specially crafted application to obtain sensitive information;
  11. A security feature bypass vulnerability in NetLogon can be exploited remotely to bypass security restrictions;
  12. An elevation of privilege vulnerability in Windows can be exploited remotely via specially crafted application to gain privileges;
  13. An information disclosure vulnerability in Windows Remote Procedure Call can be exploited remotely via specially crafted application to obtain sensitive information;
  14. A denial of service vulnerability in Windows can be exploited remotely via specially crafted application to cause denial of service;
  15. An elevation of privilege vulnerability in Microsoft ActiveX Installer Service can be exploited remotely via specially crafted application to gain privileges;
  16. A security feature bypass vulnerability in Microsoft Windows can be exploited remotely via specially crafted authentication to bypass security restrictions;
  17. A remote code execution vulnerability in Windows Hyper-V can be exploited remotely via specially crafted application to execute arbitrary code;
  18. An elevation of privilege vulnerability in Windows Certificate Dialog can be exploited remotely via specially crafted application to gain privileges;
  19. A remote code execution vulnerability in OpenType Font Parsing can be exploited remotely via specially crafted to execute arbitrary code;
  20. An elevation of privilege vulnerability in Windows User Profile Service can be exploited remotely via specially crafted application to gain privileges;
  21. An information disclosure vulnerability in Windows Modules Installer Service can be exploited remotely via specially crafted application to obtain sensitive information;
  22. An information disclosure vulnerability in Windows GDI can be exploited remotely via specially crafted document to obtain sensitive information;
  23. An information disclosure vulnerability in DirectWrite can be exploited remotely via specially crafted document to obtain sensitive information;
  24. An information disclosure vulnerability in OpenType Font Driver can be exploited remotely via specially crafted fonts to obtain sensitive information;
  25. A remote code execution vulnerability in VBScript can be exploited remotely via specially crafted website to execute arbitrary code.

Original advisories

CVE-2019-0712

CVE-2019-1408

CVE-2019-0719

CVE-2019-1415

CVE-2019-1441

CVE-2019-1405

CVE-2019-1406

CVE-2019-1407

CVE-2019-1429

CVE-2019-11135

CVE-2019-1424

CVE-2019-1422

CVE-2019-1409

CVE-2018-12207

CVE-2019-1382

CVE-2019-1384

CVE-2019-1389

CVE-2019-1388

CVE-2019-1456

CVE-2019-1454

CVE-2019-1419

CVE-2019-1418

CVE-2019-1439

CVE-2019-1438

CVE-2019-1435

CVE-2019-1434

CVE-2019-1411

CVE-2019-1433

CVE-2019-1432

CVE-2019-1399

CVE-2019-1412

CVE-2019-1394

CVE-2019-1395

CVE-2019-1396

CVE-2019-1397

CVE-2019-1390

CVE-2019-1391

CVE-2019-1393

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-Internet-Explorer

Microsoft-Windows

Microsoft-Windows-Server

Microsoft-Windows-Server-2012

Microsoft-Windows-8

Microsoft-Windows-7

Microsoft-Windows-Server-2008

Windows-RT

Microsoft-Windows-10

CVE list

CVE-2019-1429 critical

CVE-2019-1390 critical

CVE-2019-1415 warning

CVE-2019-1411 warning

CVE-2019-0712 high

CVE-2019-1424 high

CVE-2019-1399 high

CVE-2019-1396 high

CVE-2019-1395 high

CVE-2019-1439 warning

CVE-2019-1454 warning

CVE-2018-12207 warning

CVE-2019-1406 critical

CVE-2019-1382 warning

CVE-2019-1391 warning

CVE-2019-11135 warning

CVE-2019-1394 high

CVE-2019-1434 high

CVE-2019-1433 high

CVE-2019-1418 warning

CVE-2019-1432 warning

CVE-2019-1409 warning

CVE-2019-1389 critical

CVE-2019-1393 high

CVE-2019-0719 critical

CVE-2019-1384 high

CVE-2019-1441 critical

CVE-2019-1419 high

CVE-2019-1408 high

CVE-2019-1456 high

CVE-2019-1412 warning

CVE-2019-1397 critical

CVE-2019-1388 high

CVE-2019-1405 high

CVE-2019-1438 high

CVE-2019-1435 high

CVE-2019-1422 warning

CVE-2019-1407 high

KB list

4516065

4516033

4520009

4520003

4520002

4519976

4525234

4525235

4525106

4525239

4525233

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

  • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Windows 10 for 32-bit SystemsWindows Server, version 1803 (Server Core Installation)Windows 10 Version 1903 for x64-based SystemsInternet Explorer 9Windows 10 for x64-based SystemsWindows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 7 for x64-based Systems Service Pack 1Windows Server 2012Windows 8.1 for x64-based systemsWindows 8.1 for 32-bit systemsWindows Server 2008 for 32-bit Systems Service Pack 2Internet Explorer 11Windows Server 2008 for x64-based Systems Service Pack 2Windows 10 Version 1803 for ARM64-based SystemsWindows Server 2016Windows 10 Version 1709 for x64-based SystemsWindows RT 8.1Windows 10 Version 1709 for ARM64-based SystemsWindows Server 2008 for Itanium-Based Systems Service Pack 2Windows 10 Version 1809 for 32-bit SystemsWindows 10 Version 1703 for x64-based SystemsWindows 10 Version 1809 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server 2012 R2 (Server Core installation)Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows 10 Version 1803 for x64-based SystemsWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Windows 10 Version 1703 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1607 for 32-bit SystemsWindows 10 Version 1809 for x64-based SystemsWindows Server, version 1709 (Server Core Installation)Windows 10 Version 1607 for x64-based SystemsWindows 10 Version 1803 for 32-bit SystemsWindows 7 for 32-bit Systems Service Pack 1Windows Server 2008 R2 for x64-based Systems Service Pack 1Windows 10 Version 1709 for 32-bit SystemsInternet Explorer 10Windows Server 2012 R2Windows Server 2019

References

Related

nessus 43
openvas 17
mskb 16
cve 23
prion 23
nvd 23
cvelist 23
kaspersky 1
talosblog 1
suse 2
redhat 15
oraclelinux 5
citrix 1
vmware 1
centos 1
mageia 1
qualysblog 1
osv 1
fedora 1
nessus
nessus
KB4525239: Windows Server 2008 November 2019 Security Update
2019-11-12 00:00:00
KB4525233: Windows 7 and Windows Server 2008 R2 November 2019 Security Update
2019-11-12 00:00:00
KB4525253: Windows Server 2012 November 2019 Security Update
2019-11-12 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4525235)
2019-11-13 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4525243)
2019-11-13 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4525232)
2019-11-13 00:00:00
mskb
mskb
November 12, 2019—KB4525235 (Monthly Rollup)
2019-11-12 08:00:00
November 12, 2019—KB4525239 (Security-only update)
2019-11-12 08:00:00
November 12, 2019—KB4525234 (Monthly Rollup)
2019-11-12 08:00:00
cve
cve
CVE-2019-1393
2019-11-12 19:15:12
CVE-2019-1394
2019-11-12 19:15:12
CVE-2019-1396
2019-11-12 19:15:13
prion
prion
Privilege escalation
2019-11-12 19:15:00
Privilege escalation
2019-11-12 19:15:00
Privilege escalation
2019-11-12 19:15:00
nvd
nvd
CVE-2019-1434
2019-11-12 19:15:15
CVE-2019-1396
2019-11-12 19:15:13
CVE-2019-1395
2019-11-12 19:15:13
cvelist
cvelist
CVE-2019-1394
2019-11-12 18:52:57
CVE-2019-1395
2019-11-12 18:52:57
CVE-2019-1393
2019-11-12 18:52:56
kaspersky
kaspersky
KLA11608 Multiple vulnerabilities in Microsoft Windows
2019-11-12 00:00:00
talosblog
talosblog
Microsoft Patch Tuesday — Nov. 2019: Vulnerability disclosures and Snort coverage
2019-11-12 11:58:09
suse
suse
Security update for spectre-meltdown-checker (moderate)
2019-12-31 00:00:00
Security update for qemu (important)
2019-11-14 00:00:00
redhat
redhat
(RHSA-2020:0026) Important: kpatch-patch security update
2020-01-06 13:40:28
(RHSA-2019:3842) Important: kernel security update
2019-11-12 20:16:23
(RHSA-2019:3936) Important: kpatch-patch security update
2019-11-20 20:35:20
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2019-11-12 00:00:00
microcode_ctl security update
2019-12-04 00:00:00
microcode_ctl security update
2019-12-04 00:00:00
citrix
citrix
Citrix Hypervisor Security Update
2019-11-12 05:00:00
vmware
vmware
VMware ESXi, Workstation, and Fusion patches provide Hypervisor-Specific Mitigations for Speculative-Execution Vulnerabilities (CVE-2018-12207, CVE-2019-11135)
2019-11-12 00:00:00
centos
centos
bpftool, kernel, perf, python security update
2019-11-14 19:41:10
mageia
mageia
Updated kernel packages fix security vulnerabilities
2019-11-20 00:16:53
qualysblog
qualysblog
November 2019 Patch Tuesday – 74 vulns, 13 Critical, Actively Attacked IE vuln, Hyper-V escapes, Adobe
2019-11-12 19:28:42
osv
osv
linux-4.9 - security update
2019-11-12 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: microcode_ctl-2.1-33.fc30
2019-11-13 06:28:06

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

10 High

AI Score

Confidence

Low

0.971 High

EPSS

Percentile

99.8%

JSON
Related for KLA11871
nessus43openvas17mskb16cve23prion23nvd23cvelist23kaspersky1talosblog1suse2redhat15oraclelinux5citrix1vmware1centos1mageia1qualysblog1osv1fedora1