Lucene search

Kaspersky LabKLA20003

HistoryOct 11, 2022 - 12:00 a.m.

KLA20003 PE vulnerability in Microsoft System Center

2022-10-1100:00:00

Kaspersky Lab

threats.kaspersky.com

microsoft system center

vulnerability

cve-2022-37971

elevation of privilege

microsoft malware protection engine

windows update

privilege escalation

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

7.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.6%

JSON

An elevation of privilege vulnerability was found in Microsoft System Center. Malicious users can exploit this vulnerability to gain privileges.

Original advisories

CVE-2022-37971

Related products

Microsoft-Defender-for-Endpoint-for-Windows

CVE list

CVE-2022-37971 high

KB list

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

Microsoft Malware Protection Engine

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37971

statistics.securelist.com/

threats.kaspersky.com/en/product/Microsoft-Defender-for-Endpoint-for-Windows/

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

7.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.6%

JSON

Related for KLA20003