Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA48553
HistoryMar 14, 2023 - 12:00 a.m.

KLA48553 Multiple vulnerabilities in Microsoft Windows

2023-03-1400:00:00
Kaspersky Lab
threats.kaspersky.com
226
microsoft windows
privilege escalation
arbitrary code execution
sensitive information disclosure
denial of service
windows graphics component
windows dns server
windows kernel
microsoft postscript and pcl6 class printer driver
windows resilient file system (refs)
internet control message protocol (icmp)
cert/cc
remote procedure call runtime
windows point-to-point protocol over ethernet (pppoe)
windows brokerinfrastructure service
windows http.sys
windows hyper-v
windows media
windows internet key exchange (ike) extension
windows point-to-point tunneling protocol
http protocol stack
windows smartscreen
windows accounts picture
windows secure channel
client server run-time subsystem (csrss)
windows partition management driver
windows cryptographic services
tpm2.0 module library
windows bluetooth driver

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.032 Low

EPSS

Percentile

91.3%

JSON

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, obtain sensitive information, spoof user interface, cause denial of service, bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely to gain privileges.
  2. A remote code execution vulnerability in Windows DNS Server can be exploited remotely to execute arbitrary code.
  3. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
  4. A remote code execution vulnerability in Microsoft PostScript and PCL6 Class Printer Driver can be exploited remotely to execute arbitrary code.
  5. An information disclosure vulnerability in Microsoft PostScript and PCL6 Class Printer Driver can be exploited remotely to obtain sensitive information.
  6. An elevation of privilege vulnerability in Windows Resilient File System (ReFS) can be exploited remotely to gain privileges.
  7. A remote code execution vulnerability in Internet Control Message Protocol (ICMP) can be exploited remotely to execute arbitrary code.
  8. An elevation of privilege vulnerability in CERT/CC can be exploited remotely to gain privileges.
  9. A remote code execution vulnerability in Remote Procedure Call Runtime can be exploited remotely to execute arbitrary code.
  10. An elevation of privilege vulnerability in Windows Point-to-Point Protocol over Ethernet (PPPoE) can be exploited remotely to gain privileges.
  11. An elevation of privilege vulnerability in Windows BrokerInfrastructure Service can be exploited remotely to gain privileges.
  12. A remote code execution vulnerability in Windows Point-to-Point Protocol over Ethernet (PPPoE) can be exploited remotely to execute arbitrary code.
  13. A remote code execution vulnerability in Windows Bluetooth Service can be exploited remotely to execute arbitrary code.
  14. An elevation of privilege vulnerability in Windows HTTP.sys can be exploited remotely to gain privileges.
  15. A denial of service vulnerability in Windows Hyper-V can be exploited remotely to cause denial of service.
  16. A remote code execution vulnerability in Windows Media can be exploited remotely to execute arbitrary code.
  17. A denial of service vulnerability in Windows Internet Key Exchange (IKE) Extension can be exploited remotely to cause denial of service.
  18. A remote code execution vulnerability in Windows Point-to-Point Tunneling Protocol can be exploited remotely to execute arbitrary code.
  19. A remote code execution vulnerability in HTTP Protocol Stack can be exploited remotely to execute arbitrary code.
  20. A security feature bypass vulnerability in Windows SmartScreen can be exploited remotely to bypass security restrictions.
  21. An elevation of privilege vulnerability in Windows Accounts Picture can be exploited remotely to gain privileges.
  22. A denial of service vulnerability in Windows Secure Channel can be exploited remotely to cause denial of service.
  23. An information disclosure vulnerability in Client Server Run-Time Subsystem (CSRSS) can be exploited remotely to obtain sensitive information.
  24. An elevation of privilege vulnerability in Windows Partition Management Driver can be exploited remotely to gain privileges.
  25. A remote code execution vulnerability in Windows Cryptographic Services can be exploited remotely to execute arbitrary code.
  26. An elevation of privilege vulnerability in TPM2.0 Module Library can be exploited remotely to gain privileges.
  27. An elevation of privilege vulnerability in Microsoft PostScript and PCL6 Class Printer Driver can be exploited remotely to gain privileges.
  28. An elevation of privilege vulnerability in Windows Bluetooth Driver can be exploited remotely to gain privileges.

Original advisories

CVE-2023-24861

CVE-2023-23400

CVE-2023-23423

CVE-2023-24910

CVE-2023-24868

CVE-2023-24858

CVE-2023-23413

CVE-2023-23418

CVE-2023-24907

CVE-2023-23422

CVE-2023-24870

CVE-2023-23415

CVE-2023-1018

CVE-2023-21708

CVE-2023-24865

CVE-2023-23385

CVE-2023-23393

CVE-2023-24913

CVE-2023-24866

CVE-2023-23414

CVE-2023-23421

CVE-2023-24871

CVE-2023-23410

CVE-2023-23407

CVE-2023-23403

CVE-2023-23411

CVE-2023-23406

CVE-2023-23401

CVE-2023-24859

CVE-2023-24911

CVE-2023-24867

CVE-2023-24909

CVE-2023-23405

CVE-2023-23404

CVE-2023-23392

CVE-2023-24880

CVE-2023-24856

CVE-2023-24876

CVE-2023-23412

CVE-2023-24863

CVE-2023-24872

CVE-2023-24862

CVE-2023-23420

CVE-2023-23409

CVE-2023-23417

CVE-2023-24908

CVE-2023-24869

CVE-2023-23416

CVE-2023-23419

CVE-2023-23394

CVE-2023-24857

CVE-2023-1017

CVE-2023-23402

CVE-2023-24906

CVE-2023-24864

CVE-2023-23388

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-Windows

Microsoft-Windows-Server

Microsoft-Windows-10

Microsoft-Windows-Server-2016

Microsoft-Windows-Server-2019

Microsoft-Windows-11

CVE list

CVE-2023-24861 high

CVE-2023-23400 high

CVE-2023-23423 high

CVE-2023-24910 high

CVE-2023-24868 high

CVE-2023-24858 high

CVE-2023-23413 high

CVE-2023-23418 high

CVE-2023-24907 high

CVE-2023-23422 high

CVE-2023-24870 high

CVE-2023-23415 critical

CVE-2023-1018 high

CVE-2023-21708 critical

CVE-2023-24865 high

CVE-2023-23385 high

CVE-2023-23393 high

CVE-2023-24913 high

CVE-2023-24866 high

CVE-2023-23414 high

CVE-2023-23421 high

CVE-2023-24871 high

CVE-2023-23410 high

CVE-2023-23407 high

CVE-2023-23403 high

CVE-2023-23411 high

CVE-2023-23406 high

CVE-2023-23401 high

CVE-2023-24859 high

CVE-2023-24911 warning

CVE-2023-24867 high

CVE-2023-24909 high

CVE-2023-23405 high

CVE-2023-23404 high

CVE-2023-23392 critical

CVE-2023-24880 warning

CVE-2023-24856 high

CVE-2023-24876 high

CVE-2023-23412 high

CVE-2023-24863 high

CVE-2023-24872 high

CVE-2023-24862 high

CVE-2023-23420 high

CVE-2023-23409 high

CVE-2023-23417 high

CVE-2023-24908 high

CVE-2023-24869 high

CVE-2023-23416 high

CVE-2023-23419 high

CVE-2023-23394 high

CVE-2023-24857 high

CVE-2023-1017 high

CVE-2023-23402 high

CVE-2023-24906 high

CVE-2023-24864 high

CVE-2023-23388 high

KB list

5023786

5023706

5023713

5023698

5023702

5023696

5023697

5023705

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

  • SUI

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.

Affected Products

  • Windows 10 Version 22H2 for ARM64-based SystemsWindows Server 2019 (Server Core installation)Windows 10 Version 20H2 for 32-bit SystemsWindows 11 Version 22H2 for ARM64-based SystemsWindows 10 Version 1809 for x64-based SystemsWindows 11 version 21H2 for ARM64-based SystemsWindows 10 for x64-based SystemsWindows 10 Version 21H2 for 32-bit SystemsWindows 11 Version 22H2 for x64-based SystemsWindows 10 for 32-bit SystemsWindows 11 version 21H2 for x64-based SystemsWindows 10 Version 20H2 for ARM64-based SystemsWindows 10 Version 22H2 for x64-based SystemsWindows Server 2016 (Server Core installation)Windows 10 Version 1607 for x64-based SystemsWindows Server 2022 (Server Core installation)Windows Server 2022Windows 10 Version 1809 for 32-bit SystemsWindows Server 2016Windows 10 Version 21H2 for x64-based SystemsWindows 10 Version 1809 for ARM64-based SystemsWindows 10 Version 22H2 for 32-bit SystemsWindows 10 Version 21H2 for ARM64-based SystemsWindows 10 Version 1607 for 32-bit SystemsWindows Server 2019

References

Related

mskb 16
openvas 11
nessus 21
kaspersky 1
talosblog 1
qualysblog 1
avleonov 1
rapid7blog 1
fedora 3
oraclelinux 1
ibm 1
f5 1
osv 2
redhat 2
almalinux 1
redos 1
thn 2
ubuntu 1
amd 1
mageia 1
prion 26
cvelist 24
cve 26
nvd 22
mscve 22
cnvd 5
vulnrichment 1
zdi 1
cisa_kev 1
attackerkb 1
mskb
mskb
March 14, 2023— KB5023786 (OS Build 20348.1602)
2023-03-14 07:00:00
March 14, 2023—KB5023756 (Monthly Rollup)
2023-03-14 07:00:00
March 14, 2023—KB5023706 (OS Build 22621.1413)
2023-03-14 07:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB5023706)
2023-07-21 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5023696)
2023-03-15 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5023713)
2023-03-15 00:00:00
nessus
nessus
KB5023705: Windows 2022 / Azure Stack HCI 22H2 Security Update (March 2023)
2023-03-14 00:00:00
KB5023764: Windows 8.1 Embedded and Windows Server 2012 R2 Security Update (March 2023)
2023-03-14 00:00:00
KB5023702: Windows 10 version 1809 / Windows Server 2019 Security Update (March 2023)
2023-03-14 00:00:00
kaspersky
kaspersky
KLA48554 Multiple vulnerabilities in Microsoft Products (ESU)
2023-03-14 00:00:00
talosblog
talosblog
Microsoft Patch Tuesday for March 2023 — Snort rules and prominent vulnerabilities
2023-03-14 20:08:36
qualysblog
qualysblog
The March 2023 Patch Tuesday Security Update Review
2023-03-15 00:08:07
avleonov
avleonov
Microsoft Patch Tuesday March 2023: Outlook EoP, MOTW Bypass, Excel DoS, HTTP/3 RCE, ICMP RCE, RPC RCE
2023-03-27 00:25:37
rapid7blog
rapid7blog
Patch Tuesday - March 2023
2023-03-14 23:46:44
fedora
fedora
[SECURITY] Fedora 37 Update: libtpms-0.9.6-1.fc37
2023-03-06 02:20:01
[SECURITY] Fedora 38 Update: libtpms-0.9.6-1.fc38
2023-03-16 00:16:59
[SECURITY] Fedora 36 Update: libtpms-0.9.6-1.fc36
2023-03-16 18:19:58
oraclelinux
oraclelinux
libtpms security update
2023-05-15 00:00:00
ibm
ibm
Security Bulletin: This Power System update is being released to address CVE-2023-1017 and CVE-2023-1018
2023-06-21 22:18:44
f5
f5
K000132856 : TPM 2.0 vulnerabilities CVE-2023-1017 and CVE-2023-1018
2023-03-03 00:00:00
osv
osv
Moderate: libtpms security update
2023-05-09 00:00:00
libtpms vulnerabilities
2023-03-07 15:26:07
redhat
redhat
(RHSA-2023:1833) Moderate: virt:rhel and virt-devel:rhel security and bug fix update
2023-04-18 16:09:16
(RHSA-2023:2453) Moderate: libtpms security update
2023-05-09 05:11:15
almalinux
almalinux
Moderate: libtpms security update
2023-05-09 00:00:00
redos
redos
ROS-20230417-04
2023-04-17 00:00:00
thn
thn
Microsoft Rolls Out Patches for 80 New Security Flaws — Two Under Active Attack
2023-03-15 05:26:00
New Flaws in TPM 2.0 Library Pose Threat to Billions of IoT and Enterprise Devices
2023-03-03 10:18:00
ubuntu
ubuntu
Libtpms vulnerabilities
2023-03-07 00:00:00
amd
amd
TPM Out of Bounds Access
2023-04-11 00:00:00
mageia
mageia
Updated libtpms packages fix security vulnerability
2023-03-19 01:16:28
prion
prion
Privilege escalation
2023-03-14 17:15:00
Denial of service
2023-03-14 17:15:00
Privilege escalation
2023-03-14 17:15:00
cvelist
cvelist
CVE-2023-23417 Windows Partition Management Driver Elevation of Privilege Vulnerability
2023-03-14 16:55:44
CVE-2023-23418 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability
2023-03-14 16:55:44
CVE-2023-23416 Windows Cryptographic Services Remote Code Execution Vulnerability
2023-03-14 16:55:43
cve
cve
CVE-2023-23418
2023-03-14 17:15:15
CVE-2023-23419
2023-03-14 17:15:15
CVE-2023-23388
2023-03-14 17:15:12
nvd
nvd
CVE-2023-23393
2023-03-14 17:15:12
CVE-2023-24909
2023-03-14 17:15:18
CVE-2023-23417
2023-03-14 17:15:15
mscve
mscve
Windows BrokerInfrastructure Service Elevation of Privilege Vulnerability
2023-03-14 07:00:00
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
2023-03-14 07:00:00
Windows DNS Server Remote Code Execution Vulnerability
2023-03-14 07:00:00
cnvd
cnvd
Microsoft Windows Bluetooth Service Code Execution Vulnerability
2023-03-16 00:00:00
Microsoft PostScript and PCL6 Class Printer Driver Elevation of Privilege Vulnerability
2023-03-16 00:00:00
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability (CNVD-2023-28105)
2023-03-16 00:00:00
vulnrichment
vulnrichment
CVE-2023-23423 Windows Kernel Elevation of Privilege Vulnerability
2023-03-14 16:55:47
zdi
zdi
Microsoft Windows http.sys Integer Overflow Local Privilege Escalation Vulnerability
2023-03-15 00:00:00
cisa_kev
cisa_kev
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability
2023-03-14 00:00:00
attackerkb
attackerkb
CVE-2023-24880
2023-03-14 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.032 Low

EPSS

Percentile

91.3%

JSON
Related for KLA48553
mskb16openvas11nessus21kaspersky1talosblog1qualysblog1avleonov1rapid7blog1fedora3oraclelinux1ibm1f51osv2redhat2almalinux1redos1thn2ubuntu1amd1mageia1prion26cvelist24cve26nvd22mscve22cnvd5vulnrichment1zdi1cisa_kev1attackerkb1