KLA12309 Multiple vulnerabilities in Microsoft Products (ESU)

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to spoof user interface, bypass security restrictions, obtain sensitive information, gain privileges, execute arbitrary code, cause denial of service.

Below is a complete list of vulnerabilities:

1. A spoofing vulnerability in Windows Print Spooler can be exploited remotely to spoof user interface.
2. A spoofing vulnerability in Windows Installer can be exploited remotely to spoof user interface.
3. An information disclosure vulnerability in Windows Fast FAT File System Driver can be exploited remotely to obtain sensitive information.
4. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
5. An elevation of privilege vulnerability in Win32k can be exploited remotely to gain privileges.
6. An information disclosure vulnerability in Windows exFAT File System can be exploited remotely to obtain sensitive information.
7. A remote code execution vulnerability in Windows MSHTML Platform can be exploited remotely to execute arbitrary code.
8. An elevation of privilege vulnerability in Windows HTTP.sys can be exploited remotely to gain privileges.
9. An information disclosure vulnerability in Windows Print Spooler can be exploited remotely to obtain sensitive information.
10. An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely to gain privileges.
11. A remote code execution vulnerability in Windows Media Audio Decoder can be exploited remotely to execute arbitrary code.
12. A remote code execution vulnerability in Windows DNS Server can be exploited remotely to execute arbitrary code.
13. A remote code execution vulnerability in Windows Graphics Component can be exploited remotely to execute arbitrary code.
14. A denial of service vulnerability in Windows TCP/IP can be exploited remotely to cause denial of service.
15. An elevation of privilege vulnerability in Storage Spaces Controller can be exploited remotely to gain privileges.
16. A security feature bypass vulnerability in Windows Remote Procedure Call Runtime can be exploited remotely to bypass security restrictions.
17. A remote code execution vulnerability in Windows Text Shaping can be exploited remotely to execute arbitrary code.
18. An elevation of privilege vulnerability in Windows AppContainer can be exploited remotely to gain privileges.
19. An information disclosure vulnerability in Rich Text Edit Control can be exploited remotely to obtain sensitive information.
20. A denial of service vulnerability in Windows NAT can be exploited remotely to cause denial of service.
21. An elevation of privilege vulnerability in Windows Event Tracing can be exploited remotely to gain privileges.

Original advisories

CVE-2021-36970

CVE-2021-40455

CVE-2021-38662

CVE-2021-41335

CVE-2021-40449

CVE-2021-38663

CVE-2021-41342

CVE-2021-26442

CVE-2021-41332

CVE-2021-40466

CVE-2021-41331

CVE-2021-40469

CVE-2021-41340

CVE-2021-40467

CVE-2021-36953

CVE-2021-40489

CVE-2021-40443

CVE-2021-40460

CVE-2021-40465

CVE-2021-41343

CVE-2021-40478

CVE-2021-26441

CVE-2021-40476

CVE-2021-40454

CVE-2021-41345

CVE-2021-40463

CVE-2021-40477

CVE-2021-40488

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-Windows

Microsoft-Windows-Server

Microsoft-Windows-Server-2012

Microsoft-Windows-7

Microsoft-Windows-Server-2008

CVE list

CVE-2021-36970 critical

CVE-2021-40455 high

CVE-2021-38662 high

CVE-2021-41335 critical

CVE-2021-40449 critical

CVE-2021-38663 high

CVE-2021-41342 high

CVE-2021-26442 high

CVE-2021-41332 high

CVE-2021-40466 critical

CVE-2021-41331 critical

CVE-2021-40469 high

CVE-2021-41340 critical

CVE-2021-40467 critical

CVE-2021-36953 critical

CVE-2021-40489 critical

CVE-2021-40443 critical

CVE-2021-40460 high

CVE-2021-40465 critical

CVE-2021-41343 high

CVE-2021-40477 critical

CVE-2021-41345 critical

CVE-2021-40488 critical

CVE-2021-40476 critical

CVE-2021-40463 critical

CVE-2021-40478 critical

CVE-2021-26441 critical

CVE-2021-40454 high

KB list

5006729

5006671

5006732

5006736

5006743

5006728

5006714

5006715

5006739

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

• ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

• OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

• DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

• SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

• PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

• SUI

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.

Affected Products

• Windows 7 for 32-bit Systems Service Pack 1Windows 7 for x64-based Systems Service Pack 1Windows Server 2012 (Server Core installation)Windows Server 2012 R2Windows Server 2008 R2 for x64-based Systems Service Pack 1Windows Server 2008 for x64-based Systems Service Pack 2Windows Server 2008 for 32-bit Systems Service Pack 2Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2012Windows Server 2012 R2 (Server Core installation)Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)