Kaspersky LabKLA20189KLA20189 ACE vulnerability in Microsoft Windows
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
84.3%
Remote code execution vulnerability was found in Microsoft Windows. Malicious users can exploit this vulnerability to execute arbitrary code.
Original advisories
Related products
CVE list
CVE-2023-21712 critical
KB list
Solution
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
Affected Products
- Windows 10 Version 21H2 for 32-bit SystemsWindows 10 Version 21H1 for x64-based SystemsWindows 11 Version 22H2 for x64-based SystemsWindows 10 Version 1809 for 32-bit SystemsWindows 10 Version 22H2 for x64-based SystemsWindows 10 for 32-bit SystemsWindows RT 8.1Windows Server 2012 (Server Core installation)Windows 10 Version 22H2 for ARM64-based SystemsWindows Server 2022Windows 8.1 for 32-bit systemsWindows Server 2012Windows 11 version 21H2 for x64-based SystemsWindows 10 Version 22H2 for 32-bit SystemsWindows 10 Version 20H2 for 32-bit SystemsWindows 10 Version 1809 for x64-based SystemsWindows Server 2012 R2Windows 11 version 21H2 for ARM64-based SystemsWindows 10 Version 1607 for x64-based SystemsWindows 10 Version 21H1 for 32-bit SystemsWindows 8.1 for x64-based systemsWindows 10 Version 1607 for 32-bit SystemsWindows 10 for x64-based SystemsWindows 10 Version 21H2 for ARM64-based SystemsWindows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows 10 Version 1809 for ARM64-based SystemsWindows Server 2016 (Server Core installation)Windows 10 Version 21H1 for ARM64-based SystemsWindows 11 Version 22H2 for ARM64-based SystemsWindows Server 2022 (Server Core installation)Windows 10 Version 20H2 for ARM64-based SystemsWindows Server 2016Windows 10 Version 20H2 for x64-based SystemsWindows 10 Version 21H2 for x64-based Systems
References
support.microsoft.com/kb/5019080
support.microsoft.com/kb/5019081
support.microsoft.com/kb/5019959
support.microsoft.com/kb/5019961
support.microsoft.com/kb/5019964
support.microsoft.com/kb/5019966
support.microsoft.com/kb/5019970
support.microsoft.com/kb/5019980
support.microsoft.com/kb/5020003
support.microsoft.com/kb/5020009
support.microsoft.com/kb/5020010
support.microsoft.com/kb/5020023
support.microsoft.com/kb/5022282
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21712
statistics.securelist.com/
threats.kaspersky.com/en/product/Microsoft-Windows-10/
threats.kaspersky.com/en/product/Microsoft-Windows-11/
threats.kaspersky.com/en/product/Microsoft-Windows-8/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2012/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2016/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2019/
threats.kaspersky.com/en/product/Microsoft-Windows-Server/
threats.kaspersky.com/en/product/Microsoft-Windows/
threats.kaspersky.com/en/product/Windows-RT/
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
84.3%