Dec 14, 2021 - 12:00 a.m.

KLA12388 Multiple vulnerabilities in Microsoft Products (ESU)

Kaspersky Lab
threats.kaspersky.com

CVSS2: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.9 High (Confidence: High)

EPSS: 0.093 Low (Percentile: 94.7%)

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, and gain privileges.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in Windows Encrypting File System (EFS) can be exploited remotely to execute arbitrary code.
  2. An information disclosure vulnerability in Microsoft Local Security Authority Server (lsasrv) can be exploited remotely to obtain sensitive information.
  3. An elevation of privilege vulnerability in Windows Remote Access Connection Manager can be exploited remotely to gain privileges.
  4. An elevation of privilege vulnerability in Windows Remote Access can be exploited remotely to gain privileges.
  5. An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges.
  6. An elevation of privilege vulnerability in Windows NTFS can be exploited remotely to gain privileges.
  7. An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely to gain privileges.
  8. A remote code execution vulnerability in Windows Fax Service can be exploited remotely to execute arbitrary code.
  9. A memory corruption vulnerability in iSNS Server can be exploited remotely to execute arbitrary code.
  10. An elevation of privilege vulnerability in Windows Encrypting File System (EFS) can be exploited remotely to gain privileges.
  11. An information disclosure vulnerability in Windows Common Log File System Driver can be exploited remotely to obtain sensitive information.
  12. An information disclosure vulnerability in Microsoft Message Queuing can be exploited remotely to obtain sensitive information.
  13. A remote code execution vulnerability in Remote Desktop Client can be exploited remotely to execute arbitrary code.
  14. An elevation of privilege vulnerability in Windows Digital TV Tuner can be exploited remotely to gain privileges.
  15. An elevation of privilege vulnerability in Windows Media Center can be exploited remotely to gain privileges.
  16. An elevation of privilege vulnerability in Windows Print Spooler can be exploited remotely to gain privileges.
  17. A remote code execution vulnerability in Windows Event Tracing can be exploited remotely to execute arbitrary code.
  18. An elevation of privilege vulnerability in Windows Digital Media Receiver can be exploited remotely to gain privileges.

Original advisories

CVE-2021-43217

CVE-2021-43216

CVE-2021-43223

CVE-2021-43238

CVE-2021-43883

CVE-2021-43229

CVE-2021-43226

CVE-2021-43234

CVE-2021-43215

CVE-2021-43893

CVE-2021-43230

CVE-2021-43224

CVE-2021-43222

CVE-2021-43233

CVE-2021-43245

CVE-2021-40441

CVE-2021-41333

CVE-2021-43236

CVE-2021-43207

CVE-2021-43232

CVE-2021-43248

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit.

Related products

Microsoft-Windows

Microsoft-Windows-Server

Microsoft-Windows-Server-2012

Microsoft-Windows-7

Microsoft-Windows-Server-2008

CVE list

CVE-2021-43217 critical

CVE-2021-43216 high

CVE-2021-43223 critical

CVE-2021-43238 critical

CVE-2021-43883 critical

CVE-2021-43229 critical

CVE-2021-43226 critical

CVE-2021-43232 critical

CVE-2021-43234 critical

CVE-2021-43215 critical

CVE-2021-43893 critical

CVE-2021-43230 critical

CVE-2021-43224 high

CVE-2021-43222 critical

CVE-2021-43233 critical

CVE-2021-43245 critical

CVE-2021-40441 critical

CVE-2021-43248 critical

CVE-2021-41333 critical

CVE-2021-43236 critical

CVE-2021-43207 critical

KB list

5008263

5008277

5008285

5008255

5008274

5008244

5008282

5008271

5015875

5015863

5015877

5015874

5015862

5015861

Solution

Install the necessary updates from the KB list that are offered in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Impacts

  • ACE: Arbitrary code execution. Exploitation of vulnerabilities with this impact can allow an abuser to execute any code or commands on the vulnerable machine or in the vulnerable process.

  • OSI: Obtain sensitive information. Exploitation of vulnerabilities with this impact can allow an abuser to capture information that is critical for the user or the system.

  • PE: Privilege escalation. Exploitation of vulnerabilities with this impact can allow an abuser to perform actions that are normally disallowed for the current role.

Affected Products

  • Windows 7 for x64-based Systems Service Pack 1
  • Windows 7 for 32-bit Systems Service Pack 1
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
  • Windows Server 2012 R2 (Server Core installation)
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2012 R2
  • Windows Server 2012 (Server Core installation)
  • Windows Server 2012
  • Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
