Kaspersky LabKLA12199KLA12199 Multiple vulnerabilities in Microsoft Apps
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.9 High
AI Score
Confidence
High
0.065 Low
EPSS
Percentile
93.8%
Multiple vulnerabilities were found in Microsoft Apps. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information.
Below is a complete list of vulnerabilities:
- A remote code execution vulnerability in Paint 3D can be exploited remotely to execute arbitrary code.
- A remote code execution vulnerability in 3D Viewer can be exploited remotely to execute arbitrary code.
- An information disclosure vulnerability in 3D Viewer can be exploited remotely to obtain sensitive information.
- A remote code execution vulnerability in Microsoft Intune Management Extension can be exploited remotely to execute arbitrary code.
Original advisories
Related products
Microsoft-Internet-Information-Services
CVE list
CVE-2021-31983 critical
CVE-2021-31943 critical
CVE-2021-31945 critical
CVE-2021-31944 warning
CVE-2021-31942 critical
CVE-2021-31946 critical
CVE-2021-31980 critical
KB list
Solution
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
- OSI
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
Affected Products
- 3D ViewerPaint 3DIntune management extension
References
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31942
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31943
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31944
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31945
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31946
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31980
api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31983
statistics.securelist.com/
threats.kaspersky.com/en/product/Microsoft-Internet-Information-Services/
Related
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.9 High
AI Score
Confidence
High
0.065 Low
EPSS
Percentile
93.8%