Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA62388
HistoryDec 12, 2023 - 12:00 a.m.

KLA62388 Multiple vulnerabilities in Microsoft Windows

2023-12-1200:00:00
Kaspersky Lab
threats.kaspersky.com
58
microsoft windows
arbitrary code execution
sensitive information
denial of service
privilege escalation
user interface spoofing
public exploits
kb section.

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.035 Low

EPSS

Percentile

91.6%

JSON

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service, overwrite arbitrary files, gain privileges, spoof user interface.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in Internet Connection Sharing (ICS) can be exploited remotely to execute arbitrary code.
  2. An information disclosure vulnerability in DHCP Server Service can be exploited remotely to obtain sensitive information.
  3. A denial of service vulnerability in Windows Kernel can be exploited remotely to cause denial of service.
  4. A remote code execution vulnerability in Microsoft WDAC OLE DB provider for SQL Server can be exploited remotely to execute arbitrary code.
  5. A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.
  6. An elevation of privilege vulnerability in Windows Telephony Server can be exploited remotely to gain privileges.
  7. A remote code execution vulnerability in Microsoft ODBC Driver can be exploited remotely to execute arbitrary code.
  8. A denial of service vulnerability in Internet Connection Sharing (ICS) can be exploited remotely to cause denial of service.
  9. An elevation of privilege vulnerability in Win32k can be exploited remotely to gain privileges.
  10. A remote code execution vulnerability in Windows MSHTML Platform can be exploited remotely to execute arbitrary code.
  11. An elevation of privilege vulnerability in Sysmain Service can be exploited remotely to gain privileges.
  12. A spoofing vulnerability in Windows DPAPI (Data Protection Application Programming Interface) can be exploited remotely to spoof user interface.
  13. A denial of service vulnerability in DHCP Server Service can be exploited remotely to cause denial of service.
  14. An elevation of privilege vulnerability in Windows Cloud Files Mini Filter Driver can be exploited remotely to gain privileges.
  15. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
  16. A remote code execution vulnerability in Windows Bluetooth Driver can be exploited remotely to execute arbitrary code.
  17. A spoofing vulnerability in Windows DNS can be exploited remotely to spoof user interface.
  18. An elevation of privilege vulnerability in Local Security Authority Subsystem Service can be exploited remotely to gain privileges.
  19. An elevation of privilege vulnerability in XAML Diagnostics can be exploited remotely to gain privileges.
  20. A remote code execution vulnerability in Microsoft USBHUB 3.0 Device Driver can be exploited remotely to execute arbitrary code.
  21. A remote code execution vulnerability in Windows Media can be exploited remotely to execute arbitrary code.
  22. An elevation of privilege vulnerability in Windows Ancillary Function Driver for WinSock can be exploited remotely to gain privileges.

Original advisories

CVE-2023-35630

CVE-2023-35641

CVE-2023-35643

CVE-2023-35635

CVE-2023-36006

CVE-2023-20588

CVE-2023-36005

CVE-2023-35639

CVE-2023-35642

CVE-2023-36011

CVE-2023-35628

CVE-2023-35644

CVE-2023-36004

CVE-2023-35638

CVE-2023-36012

CVE-2023-36696

CVE-2023-35633

CVE-2023-35634

CVE-2023-35631

CVE-2023-35622

CVE-2023-36391

CVE-2023-36003

CVE-2023-35629

CVE-2023-21740

CVE-2023-35632

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-Windows

Microsoft-Windows-Server

Microsoft-Windows-10

Microsoft-Windows-Server-2016

Microsoft-Windows-Server-2019

Microsoft-Windows-11

CVE list

CVE-2023-20588 high

CVE-2023-35630 critical

CVE-2023-35641 critical

CVE-2023-35643 critical

CVE-2023-35635 high

CVE-2023-36006 critical

CVE-2023-36005 critical

CVE-2023-35639 critical

CVE-2023-35642 high

CVE-2023-36011 critical

CVE-2023-35628 critical

CVE-2023-35644 critical

CVE-2023-36004 critical

CVE-2023-35638 critical

CVE-2023-36012 high

CVE-2023-36696 critical

CVE-2023-35633 critical

CVE-2023-35634 critical

CVE-2023-35631 critical

CVE-2023-35622 critical

CVE-2023-36391 critical

CVE-2023-36003 high

CVE-2023-35629 high

CVE-2023-21740 critical

CVE-2023-35632 critical

KB list

5033118

5033372

5033383

5033379

5033373

5033464

5033369

5033375

5033371

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

  • SUI

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.

  • OAF

Overwrite arbitrary files. Exploitation of vulnerabilities with this impact can lead to loss of some information, contained in overwritten files.

Affected Products

  • Windows 10 Version 21H2 for x64-based SystemsWindows Server 2019 (Server Core installation)Windows 11 Version 23H2 for ARM64-based SystemsWindows 10 Version 1607 for 32-bit SystemsWindows 10 for 32-bit SystemsWindows 10 Version 1809 for 32-bit SystemsWindows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 22H2 for ARM64-based SystemsWindows 11 version 21H2 for ARM64-based SystemsWindows Server 2019Windows Server 2016 (Server Core installation)Windows 10 Version 22H2 for ARM64-based SystemsWindows Server 2022Windows 10 Version 1809 for x64-based SystemsWindows Server 2016Windows 10 Version 21H2 for 32-bit SystemsWindows 10 Version 22H2 for x64-based SystemsWindows 11 Version 23H2 for x64-based SystemsWindows 10 Version 1607 for x64-based SystemsWindows 11 Version 22H2 for x64-based SystemsWindows Server 2022 (Server Core installation)Windows 10 for x64-based SystemsWindows 10 Version 22H2 for 32-bit SystemsWindows 10 Version 21H2 for ARM64-based SystemsWindows 10 Version 1809 for ARM64-based SystemsWindows 11 version 21H2 for x64-based Systems

References

Related

nessus 22
mskb 16
openvas 12
kaspersky 1
qualysblog 1
rapid7blog 1
thn 1
talosblog 1
malwarebytes 1
nvd 25
cvelist 25
prion 25
cve 25
krebs 1
mscve 25
githubexploit 2
vulnrichment 1
debiancve 1
redhatcve 1
amd 1
veracode 1
osv 3
xen 1
amazon 2
ubuntucve 1
ubuntu 2
fedora 1
nessus
nessus
KB5033371: Windows 10 version 1809 / Windows Server 2019 Security Update (December 2023)
2023-12-12 00:00:00
KB5033383: Windows 11 version 22H2 Security Update (December 2023)
2023-12-12 00:00:00
KB5033429: Windows Server 2012 Security Update (December 2023)
2023-12-12 00:00:00
mskb
mskb
December 12, 2023—KB5033371 (OS Build 17763.5206)
2023-12-12 08:00:00
December 12, 2023—KB5033373 (OS Build 14393.6529)
2023-12-12 08:00:00
December 12, 2023— KB5033464 (OS Build 20348.2144)
2023-12-12 08:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB5033373)
2023-12-13 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5033375)
2023-12-13 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5033372)
2023-12-13 00:00:00
kaspersky
kaspersky
KLA62389 Multiple vulnerabilities in Microsoft Products (ESU)
2023-12-12 00:00:00
qualysblog
qualysblog
Microsoft and Adobe Patch Tuesday, December 2023 Security Update Review
2023-12-12 20:01:33
rapid7blog
rapid7blog
Patch Tuesday - December 2023
2023-12-12 21:06:54
thn
thn
Microsoft's Final 2023 Patch Tuesday: 34 Flaws Fixed, Including 4 Critical
2023-12-13 05:50:00
talosblog
talosblog
Microsoft releases lightest Patch Tuesday in three years, no zero-days disclosed
2023-12-12 19:45:23
malwarebytes
malwarebytes
Microsoft patches 34 vulnerabilities, including one zero-day
2023-12-13 16:39:23
nvd
nvd
CVE-2023-36391
2023-12-12 18:15:22
CVE-2023-36696
2023-12-12 18:15:22
CVE-2023-36003
2023-12-12 18:15:20
cvelist
cvelist
CVE-2023-36391 Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
2023-12-12 18:10:40
CVE-2023-36696 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
2023-12-12 18:10:39
CVE-2023-36012 DHCP Server Service Information Disclosure Vulnerability
2023-12-12 18:10:45
prion
prion
Privilege escalation
2023-12-12 18:15:00
Privilege escalation
2023-12-12 18:15:00
Privilege escalation
2023-12-12 18:15:00
cve
cve
CVE-2023-36391
2023-12-12 18:15:22
CVE-2023-36696
2023-12-12 18:15:22
CVE-2023-35639
2023-12-12 18:15:19
krebs
krebs
Microsoft Patch Tuesday, December 2023 Edition
2023-12-12 22:21:00
mscve
mscve
Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
2023-12-12 08:00:00
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
2023-12-12 08:00:00
DHCP Server Service Information Disclosure Vulnerability
2023-12-12 08:00:00
githubexploit
githubexploit
Exploit for Untrusted Search Path in Microsoft
2024-01-15 08:19:32
Exploit for Untrusted Search Path in Microsoft
2024-01-11 19:17:13
vulnrichment
vulnrichment
CVE-2023-35644 Windows Sysmain Service Elevation of Privilege
2023-12-12 18:10:51
debiancve
debiancve
CVE-2023-20588
2023-08-08 18:15:11
redhatcve
redhatcve
CVE-2023-20588
2023-08-08 18:19:38
amd
amd
Speculative Leaks Security Notice
2023-08-08 00:00:00
veracode
veracode
Information Disclosure
2023-10-02 17:15:30
osv
osv
CVE-2023-20588
2023-08-08 18:15:11
linux-oem-6.1 vulnerabilities
2023-09-19 17:42:59
linux-aws vulnerabilities
2024-01-10 22:36:53
xen
xen
x86/AMD: Divide speculative information leak
2023-09-25 16:03:00
amazon
amazon
Medium: kernel
2023-08-30 17:56:00
Medium: kernel
2023-08-31 22:29:00
ubuntucve
ubuntucve
CVE-2023-20588
2023-08-08 00:00:00
ubuntu
ubuntu
Linux kernel (AWS) vulnerabilities
2024-01-10 00:00:00
Linux kernel (OEM) vulnerabilities
2023-09-19 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: xen-4.16.5-2.fc37
2023-10-12 01:18:17

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.035 Low

EPSS

Percentile

91.6%

JSON
Related for KLA62388
nessus22mskb16openvas12kaspersky1qualysblog1rapid7blog1thn1talosblog1malwarebytes1nvd25cvelist25prion25cve25krebs1mscve25githubexploit2vulnrichment1debiancve1redhatcve1amd1veracode1osv3xen1amazon2ubuntucve1ubuntu2fedora1