History: Oct 12, 2021 - 12:00 a.m.

KLA12310 Multiple vulnerabilities in Microsoft Windows

Published: 2021-10-12 00:00:00
Source: Kaspersky Lab (threats.kaspersky.com)
CVSS2: 7.2 High

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
  • Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3: 8.8 High

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: REQUIRED
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 9.6 High (Confidence: High)

EPSS: 0.512 Medium (Percentile: 97.6%)

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, bypass security restrictions, obtain sensitive information, spoof the user interface, execute arbitrary code, and cause denial of service.

Below is a complete list of vulnerabilities:

  1. An elevation of privilege vulnerability in Windows Nearby Sharing can be exploited remotely to gain privileges.
  2. An elevation of privilege vulnerability in Windows Event Tracing can be exploited remotely to gain privileges.
  3. A security feature bypass vulnerability in Active Directory can be exploited remotely to bypass security restrictions.
  4. An elevation of privilege vulnerability in DirectX Graphics Kernel can be exploited remotely to gain privileges.
  5. An information disclosure vulnerability in Windows Kernel can be exploited remotely to obtain sensitive information.
  6. A spoofing vulnerability in Windows Installer can be exploited remotely to spoof user interface.
  7. An elevation of privilege vulnerability in Storage Spaces Controller can be exploited remotely to gain privileges.
  8. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
  9. An information disclosure vulnerability in Windows Bind Filter Driver can be exploited remotely to obtain sensitive information.
  10. An elevation of privilege vulnerability in Win32k can be exploited remotely to gain privileges.
  11. An information disclosure vulnerability in Windows exFAT File System can be exploited remotely to obtain sensitive information.
  12. An elevation of privilege vulnerability in Windows AppContainer can be exploited remotely to gain privileges.
  13. A remote code execution vulnerability in Windows MSHTML Platform can be exploited remotely to execute arbitrary code.
  14. An elevation of privilege vulnerability in Windows HTTP.sys can be exploited remotely to gain privileges.
  15. A remote code execution vulnerability in Windows Hyper-V can be exploited remotely to execute arbitrary code.
  16. An elevation of privilege vulnerability in Microsoft DWM Core Library can be exploited remotely to gain privileges.
  17. An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely to gain privileges.
  18. A remote code execution vulnerability in Windows Graphics Component can be exploited remotely to execute arbitrary code.
  19. A remote code execution vulnerability in Microsoft Windows Media Foundation can be exploited remotely to execute arbitrary code.
  20. A denial of service vulnerability in Windows NAT can be exploited remotely to cause denial of service.
  21. An information disclosure vulnerability in Windows Cloud Files Mini Filter Driver can be exploited remotely to obtain sensitive information.
  22. An information disclosure vulnerability in Windows Fast FAT File System Driver can be exploited remotely to obtain sensitive information.
  23. A security feature bypass vulnerability in Console Window Host can be exploited remotely to bypass security restrictions.
  24. A security feature bypass vulnerability in Windows AD FS can be exploited remotely to bypass security restrictions.
  25. A remote code execution vulnerability in Windows Media Foundation Dolby Digital Atmos Decoders can be exploited remotely to execute arbitrary code.
  26. A spoofing vulnerability in Windows Print Spooler can be exploited remotely to spoof user interface.
  27. An information disclosure vulnerability in Windows Print Spooler can be exploited remotely to obtain sensitive information.
  28. A remote code execution vulnerability in Windows Media Audio Decoder can be exploited remotely to execute arbitrary code.
  29. A remote code execution vulnerability in Windows DNS Server can be exploited remotely to execute arbitrary code.
  30. A security feature bypass vulnerability in Windows AppContainer Firewall Rules can be exploited remotely to bypass security restrictions.
  31. An elevation of privilege vulnerability in Windows AppX Deployment Service can be exploited remotely to gain privileges.
  32. A denial of service vulnerability in Windows TCP/IP can be exploited remotely to cause denial of service.
  33. A security feature bypass vulnerability in Windows Remote Procedure Call Runtime can be exploited remotely to bypass security restrictions.
  34. A remote code execution vulnerability in Windows Text Shaping can be exploited remotely to execute arbitrary code.
  35. An information disclosure vulnerability in Rich Text Edit Control can be exploited remotely to obtain sensitive information.
  36. A spoofing vulnerability in Active Directory Federation Server can be exploited remotely to spoof user interface.
  37. An elevation of privilege vulnerability in Windows Desktop Bridge can be exploited remotely to gain privileges.

Original advisories

CVE-2021-40464

CVE-2021-40477

CVE-2021-41337

CVE-2021-40470

CVE-2021-41336

CVE-2021-40455

CVE-2021-41345

CVE-2021-41335

CVE-2021-40468

CVE-2021-40449

CVE-2021-40488

CVE-2021-38663

CVE-2021-40476

CVE-2021-41342

CVE-2021-26442

CVE-2021-40461

CVE-2021-41339

CVE-2021-40467

CVE-2021-41340

CVE-2021-41330

CVE-2021-40443

CVE-2021-40489

CVE-2021-40463

CVE-2021-40475

CVE-2021-41343

CVE-2021-41346

CVE-2021-40478

CVE-2021-40456

CVE-2021-40462

CVE-2021-36970

CVE-2021-38662

CVE-2021-41357

CVE-2021-41332

CVE-2021-40466

CVE-2021-41331

CVE-2021-38672

CVE-2021-40469

CVE-2021-41338

CVE-2021-40450

CVE-2021-41347

CVE-2021-36953

CVE-2021-40460

CVE-2021-26441

CVE-2021-40465

CVE-2021-40454

CVE-2021-41361

CVE-2021-41334

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit.

Related products

Microsoft-Office

Microsoft-Windows

Microsoft-Windows-Server

Microsoft-Windows-Server-2012

Microsoft-Windows-8

Microsoft-Windows-7

Microsoft-Windows-Server-2008

Windows-RT

Microsoft-Windows-10

Microsoft-Windows-Server-2016

Microsoft-Windows-Server-2019

CVE list

CVE-2021-36970 critical

CVE-2021-40455 high

CVE-2021-38662 high

CVE-2021-41335 critical

CVE-2021-40449 critical

CVE-2021-38663 high

CVE-2021-41342 high

CVE-2021-26442 high

CVE-2021-41332 high

CVE-2021-40466 critical

CVE-2021-41331 critical

CVE-2021-40469 high

CVE-2021-41340 critical

CVE-2021-40467 critical

CVE-2021-36953 critical

CVE-2021-40489 critical

CVE-2021-40443 critical

CVE-2021-40460 high

CVE-2021-40465 critical

CVE-2021-41343 high

CVE-2021-40464 critical

CVE-2021-40477 critical

CVE-2021-41337 warning

CVE-2021-40470 critical

CVE-2021-41336 high

CVE-2021-41345 critical

CVE-2021-40468 high

CVE-2021-40488 critical

CVE-2021-40476 critical

CVE-2021-40461 critical

CVE-2021-41339 warning

CVE-2021-41330 critical

CVE-2021-40463 critical

CVE-2021-40475 high

CVE-2021-41346 high

CVE-2021-40478 critical

CVE-2021-40456 high

CVE-2021-40462 critical

CVE-2021-41357 critical

CVE-2021-38672 critical

CVE-2021-41338 high

CVE-2021-40450 critical

CVE-2021-41347 critical

CVE-2021-26441 critical

CVE-2021-40454 high

CVE-2021-41361 high

CVE-2021-41334 high

KB list

5006699

5006672

5006674

5006670

5006667

5006669

5006729

5006671

5006675

5006714

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Impacts

  • ACE: Arbitrary code execution. Exploitation of vulnerabilities with this impact can allow an attacker to execute any code or commands on the vulnerable machine or process.

  • OSI: Obtain sensitive information. Exploitation of vulnerabilities with this impact can allow an attacker to capture information that is critical for the user or system.

  • DoS: Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or a critical functional fault.

  • SB: Security bypass. Exploitation of vulnerabilities with this impact can allow actions that are restricted by the current security settings.

  • PE: Privilege escalation. Exploitation of vulnerabilities with this impact can allow an attacker to perform actions that are normally disallowed for the current role.

  • SUI: Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in the user interface that mislead the user into incorrect actions.

Affected Products

  • Windows 10 for 32-bit Systems
  • Windows Server, version 2004 (Server Core installation)
  • Windows RT 8.1
  • Windows 10 Version 20H2 for ARM64-based Systems
  • Windows 10 Version 21H1 for x64-based Systems
  • Windows 10 Version 1809 for 32-bit Systems
  • Windows 7 for 32-bit Systems Service Pack 1
  • Windows Server, version 20H2 (Server Core Installation)
  • Windows 7 for x64-based Systems Service Pack 1
  • Windows Server 2012 (Server Core installation)
  • Windows 10 Version 21H1 for ARM64-based Systems
  • Windows Server 2016 (Server Core installation)
  • Windows 10 Version 20H2 for 32-bit Systems
  • Windows 11 for x64-based Systems
  • Windows Server 2019 (Server Core installation)
  • Windows 10 Version 1909 for ARM64-based Systems
  • Windows Server 2012 R2
  • Windows 10 Version 2004 for 32-bit Systems
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows Server 2022 (Server Core installation)
  • Windows 10 Version 1607 for 32-bit Systems
  • Windows 11 for ARM64-based Systems
  • Windows 10 Version 1909 for x64-based Systems
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2016
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows 10 Version 2004 for ARM64-based Systems
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Windows 10 Version 20H2 for x64-based Systems
  • Windows 10 for x64-based Systems
  • Windows 10 Version 21H1 for 32-bit Systems
  • Windows 10 Version 1809 for ARM64-based Systems
  • Windows Server 2012
  • Windows 10 Version 2004 for x64-based Systems
  • Windows 10 Version 1809 for x64-based Systems
  • Windows 10 Version 1607 for x64-based Systems
  • Windows 10 Version 1909 for 32-bit Systems
  • Windows Server 2019
  • Windows Server 2022
  • Windows Server 2012 R2 (Server Core installation)
  • Windows 8.1 for x64-based systems
  • Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
  • Windows 8.1 for 32-bit systems
