Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA19245
HistorySep 13, 2022 - 12:00 a.m.

KLA19245 Multiple vulnerabilities in Microsoft Windows

2022-09-1300:00:00
Kaspersky Lab
threats.kaspersky.com
154

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.235 Low

EPSS

Percentile

96.6%

JSON

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, cause denial of service, obtain sensitive information, bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in Microsoft OLE DB Provider for SQL Server can be exploited remotely to execute arbitrary code.
  2. A remote code execution vulnerability in Windows Fax Service can be exploited remotely to execute arbitrary code.
  3. A remote code execution vulnerability in Microsoft ODBC Driver can be exploited remotely to execute arbitrary code.
  4. An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely to gain privileges.
  5. An elevation of privilege vulnerability in Windows Credential Roaming Service can be exploited remotely to gain privileges.
  6. A denial of service vulnerability in Windows DNS Server can be exploited remotely to cause denial of service.
  7. An elevation of privilege vulnerability in Windows Kerberos can be exploited remotely to gain privileges.
  8. A remote code execution vulnerability in Remote Procedure Call Runtime can be exploited remotely to execute arbitrary code.
  9. A remote code execution vulnerability in Windows TCP/IP can be exploited remotely to execute arbitrary code.
  10. A remote code execution vulnerability in Windows Internet Key Exchange (IKE) Protocol Extensions can be exploited remotely to execute arbitrary code.
  11. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
  12. An elevation of privilege vulnerability in Windows Group Policy can be exploited remotely to gain privileges.
  13. A remote code execution vulnerability in Windows Lightweight Directory Access Protocol (LDAP) can be exploited remotely to execute arbitrary code.
  14. An elevation of privilege vulnerability in Windows GDI can be exploited remotely to gain privileges.
  15. An information disclosure vulnerability in Windows Graphics Component can be exploited remotely to obtain sensitive information.
  16. An elevation of privilege vulnerability in Windows Print Spooler can be exploited remotely to gain privileges.
  17. An information disclosure vulnerability in Windows Remote Access Connection Manager can be exploited remotely to obtain sensitive information.
  18. An information disclosure vulnerability in Windows DPAPI (Data Protection Application Programming Interface) can be exploited remotely to obtain sensitive information.
  19. A security feature bypass vulnerability in Network Device Enrollment Service (NDES) can be exploited remotely to bypass security restrictions.
  20. An elevation of privilege vulnerability in Windows ALPC can be exploited remotely to gain privileges.
  21. A remote code execution vulnerability in Raw Image Extension can be exploited remotely to execute arbitrary code.
  22. A denial of service vulnerability in Windows Secure Channel can be exploited remotely to cause denial of service.
  23. A denial of service vulnerability in Windows Event Tracing can be exploited remotely to cause denial of service.
  24. An information disclosure vulnerability in SPNEGO Extended Negotiation (NEGOEX) Security Mechanism can be exploited remotely to obtain sensitive information.
  25. An elevation of privilege vulnerability in Windows Photo Import API can be exploited remotely to gain privileges.
  26. An elevation of privilege vulnerability in DirectX Graphics Kernel can be exploited remotely to gain privileges.
  27. An information disclosure vulnerability in Certain Arm Cortex can be exploited remotely to obtain sensitive information.
  28. A remote code execution vulnerability in Windows Enterprise App Management Service can be exploited remotely to execute arbitrary code.
  29. A denial of service vulnerability in Windows Internet Key Exchange (IKE) Extension can be exploited remotely to cause denial of service.
  30. An elevation of privilege vulnerability in Windows Distributed File System (DFS) can be exploited remotely to gain privileges.
  31. A remote code execution vulnerability in AV1 Video Extension can be exploited remotely to execute arbitrary code.
  32. A denial of service vulnerability in HTTP V3 can be exploited remotely to cause denial of service.

Original advisories

CVE-2022-35840

CVE-2022-38004

CVE-2022-34727

CVE-2022-37969

CVE-2022-30170

CVE-2022-34724

CVE-2022-33647

CVE-2022-34732

CVE-2022-35830

CVE-2022-34726

CVE-2022-34718

CVE-2022-34721

CVE-2022-37957

CVE-2022-37955

CVE-2022-34731

CVE-2022-35803

CVE-2022-30200

CVE-2022-34730

CVE-2022-34729

CVE-2022-38006

CVE-2022-38005

CVE-2022-35831

CVE-2022-34723

CVE-2022-37959

CVE-2022-34725

CVE-2022-38011

CVE-2022-37956

CVE-2022-34733

CVE-2022-35836

CVE-2022-35833

CVE-2022-35832

CVE-2022-35835

CVE-2022-33679

CVE-2022-26928

CVE-2022-37954

CVE-2022-34734

CVE-2022-34728

CVE-2022-23960

CVE-2022-35841

CVE-2022-34720

CVE-2022-34719

CVE-2022-34722

CVE-2022-35837

CVE-2022-38019

CVE-2022-30196

CVE-2022-35838

CVE-2022-35834

CVE-2022-37958

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-Windows

Microsoft-Windows-Server

Microsoft-Windows-8

Windows-RT

Microsoft-Windows-10

Microsoft-Windows-Server-2016

Microsoft-Windows-Server-2019

Microsoft-Windows-11

CVE list

CVE-2022-35840 high

CVE-2022-38004 high

CVE-2022-34727 high

CVE-2022-37969 high

CVE-2022-30170 high

CVE-2022-34724 high

CVE-2022-33647 high

CVE-2022-34732 high

CVE-2022-35830 high

CVE-2022-34726 high

CVE-2022-34718 critical

CVE-2022-34721 critical

CVE-2022-37957 high

CVE-2022-37955 high

CVE-2022-34731 high

CVE-2022-35803 high

CVE-2022-30200 high

CVE-2022-34730 high

CVE-2022-34729 high

CVE-2022-38006 high

CVE-2022-38005 high

CVE-2022-35831 high

CVE-2022-34723 high

CVE-2022-37959 high

CVE-2022-34725 high

CVE-2022-38011 high

CVE-2022-37956 high

CVE-2022-34733 high

CVE-2022-35836 high

CVE-2022-35833 high

CVE-2022-35832 high

CVE-2022-37958 high

CVE-2022-35835 high

CVE-2022-33679 high

CVE-2022-26928 high

CVE-2022-37954 high

CVE-2022-34734 high

CVE-2022-34728 high

CVE-2022-23960 unknown

CVE-2022-35841 high

CVE-2022-34720 high

CVE-2022-34719 high

CVE-2022-34722 critical

CVE-2022-35837 high

CVE-2022-38019 high

CVE-2022-30196 high

CVE-2022-35838 high

CVE-2022-35834 high

KB list

5017392

5017316

5017327

5017365

5017367

5017315

5017305

5017328

5017308

5023713

5023702

5023697

5026456

5026370

5026368

5026361

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

  • Windows Server 2016 (Server Core installation)Windows 10 for 32-bit SystemsWindows 10 Version 1809 for ARM64-based SystemsWindows 10 for x64-based SystemsWindows 10 Version 21H1 for ARM64-based SystemsWindows 10 Version 1607 for 32-bit SystemsWindows 10 Version 21H1 for x64-based SystemsWindows 10 Version 21H1 for 32-bit SystemsWindows Server 2019 (Server Core installation)Raw Image ExtensionWindows 10 Version 1607 for x64-based SystemsWindows Server 2022AV1 Video ExtensionWindows RT 8.1Windows 10 Version 20H2 for 32-bit SystemsWindows 10 Version 20H2 for ARM64-based SystemsWindows 10 Version 21H2 for x64-based SystemsWindows 8.1 for 32-bit systemsWindows Server 2019Windows Server 2022 (Server Core installation)Windows 10 Version 1809 for 32-bit SystemsWindows 10 Version 21H2 for ARM64-based SystemsWindows 8.1 for x64-based systemsWindows Server 2016Windows 10 Version 1809 for x64-based SystemsWindows 10 Version 21H2 for 32-bit SystemsWindows 10 Version 22H2 for x64-based SystemsWindows 11 version 21H2 for ARM64-based SystemsWindows 11 version 21H2 for x64-based SystemsWindows 10 Version 22H2 for ARM64-based SystemsWindows 10 Version 22H2 for 32-bit Systems

References

Related

nessus 12
mskb 15
openvas 7
kaspersky 1
talosblog 1
rapid7blog 1
avleonov 1
thn 3
malwarebytes 1
googleprojectzero 1
zdt 1
krebs 1
qualysblog 1
cve 26
nvd 24
githubexploit 4
mscve 28
checkpoint_advisories 3
cvelist 26
prion 29
trellix 1
schneier 1
hivepro 2
attackerkb 2
zdi 2
veracode 1
vulnrichment 1
cnvd 2
pentestpartners 1
nessus
nessus
KB5017328: Windows 11 Security Update (September 2022)
2022-09-13 00:00:00
KB5017373: Windows Server 2008 R2 Security Update (September 2022)
2022-09-13 00:00:00
KB5017377: Windows Server 2012 Security Update (September 2022)
2022-09-13 00:00:00
mskb
mskb
September 13, 2022—KB5017327 (OS Build 10240.19444)
2022-09-13 07:00:00
September 13, 2022—KB5017315 (OS Build 17763.3406)
2022-09-13 07:00:00
September 13, 2022—KB5017316 (OS Build 20348.1006)
2022-09-13 07:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB5017367)
2022-09-14 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5017305)
2022-09-14 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5017308)
2022-09-14 00:00:00
kaspersky
kaspersky
KLA19249 Multiple vulnerabilities in Microsoft Products (ESU)
2022-09-13 00:00:00
talosblog
talosblog
Microsoft Patch Tuesday for September 2022 — Snort rules and prominent vulnerabilities
2022-09-13 18:01:00
rapid7blog
rapid7blog
Patch Tuesday - September 2022
2022-09-13 20:11:08
avleonov
avleonov
Microsoft Patch Tuesday September 2022: CLFS Driver EoP, IP packet causes RCE, Windows DNS Server DoS, Spectre-BHB
2022-09-23 22:44:11
thn
thn
Microsoft's Latest Security Update Fixes 64 New Flaws, Including a Zero-Day
2022-09-14 04:42:00
APT29 Exploited a Windows Feature to Compromise European Diplomatic Entity Network
2022-11-09 13:47:00
Researchers Reveal Detail for Windows Zero-Day Vulnerability Patched Last Month
2022-10-14 17:34:00
malwarebytes
malwarebytes
Update now! Microsoft patches two zero-days
2022-09-14 12:00:00
googleprojectzero
googleprojectzero
RC4 Is Still Considered Harmful
2022-10-27 00:00:00
zdt
zdt
Windows Kerberos RC4 MD4 Encryption Downgrade Privilege Escalation Vulnerability
2022-10-04 00:00:00
krebs
krebs
Wormable Flaw, 0days Lead Sept. 2022 Patch Tuesday
2022-09-14 00:23:45
qualysblog
qualysblog
September 2022 Patch Tuesday | Microsoft Releases 63 Vulnerabilities with 5 Critical, plus 16 Microsoft Edge (Chromium-Based); Adobe Releases 7 Advisories, 63 Vulnerabilities with 35 Critical.
2022-09-13 20:00:00
cve
cve
CVE-2022-34723
2022-09-13 19:15:10
CVE-2022-35832
2022-09-13 19:15:11
CVE-2022-34733
2022-09-13 19:15:10
nvd
nvd
CVE-2022-33647
2022-09-13 19:15:09
CVE-2022-37954
2022-09-13 19:15:11
CVE-2022-33679
2022-09-13 19:15:09
githubexploit
githubexploit
Exploit for CVE-2022-33679
2022-11-02 18:38:01
Exploit for CVE-2022-33679
2022-11-16 10:56:02
Exploit for CVE-2022-34718
2022-10-03 11:39:25
mscve
mscve
Windows Secure Channel Denial of Service Vulnerability
2022-09-13 07:00:00
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
2022-09-13 07:00:00
Microsoft ODBC Driver Remote Code Execution Vulnerability
2022-09-13 07:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows ALPC Elevation of Privilege (CVE-2022-34725)
2022-09-13 00:00:00
Microsoft Windows GDI Elevation of Privilege (CVE-2022-34729)
2022-09-13 00:00:00
Microsoft DirectX Graphics Kernel Elevation of Privilege (CVE-2022-37954)
2022-09-13 00:00:00
cvelist
cvelist
CVE-2022-37954 DirectX Graphics Kernel Elevation of Privilege Vulnerability
2022-09-13 18:42:03
CVE-2022-34723 Windows DPAPI (Data Protection Application Programming Interface) Information Disclosure Vulnerability
2022-09-13 18:41:38
CVE-2022-37957 Windows Kernel Elevation of Privilege Vulnerability
2022-09-13 18:42:06
prion
prion
Security feature bypass
2022-09-13 19:15:00
Remote code execution
2022-09-13 19:15:00
Remote code execution
2022-09-13 19:15:00
trellix
trellix
The Bug Report — September 2022 Edition
2022-10-05 00:00:00
schneier
schneier
Critical Microsoft Code-Execution Vulnerability
2022-12-22 12:01:37
hivepro
hivepro
Microsoft Rolled Out SPNEGO NEGOEX Critical Vulnerability
2022-12-26 10:37:19
Microsoft busts an actively exploited zero-day and several critical flaws
2022-09-16 09:03:27
attackerkb
attackerkb
CVE-2022-26928
2022-09-13 00:00:00
CVE-2022-30170
2022-09-13 00:00:00
zdi
zdi
Microsoft Windows DirectX Graphics Use-After-Free Local Privilege Escalation Vulnerability
2022-09-19 00:00:00
Microsoft Windows Group Policy Preference Link Following Local Privilege Escalation Vulnerability
2022-09-19 00:00:00
veracode
veracode
Privilege Escalation
2022-12-08 14:17:02
vulnrichment
vulnrichment
CVE-2022-35838 HTTP V3 Denial of Service Vulnerability
2022-09-13 18:42:00
cnvd
cnvd
Microsoft Windows TCP/IP Remote Code Execution Vulnerability (CNVD-2022-63613)
2022-09-15 00:00:00
Microsoft Windows has an unspecified vulnerability (CNVD-2022-63614)
2022-09-15 00:00:00
pentestpartners
pentestpartners
MS Enterprise app management service RCE. CVE-2022-35841
2022-10-13 05:48:43

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.235 Low

EPSS

Percentile

96.6%

JSON
Related for KLA19245
nessus12mskb15openvas7kaspersky1talosblog1rapid7blog1avleonov1thn3malwarebytes1googleprojectzero1zdt1krebs1qualysblog1cve26nvd24githubexploit4mscve28checkpoint_advisories3cvelist26prion29trellix1schneier1hivepro2attackerkb2zdi2veracode1vulnrichment1cnvd2pentestpartners1