
KLA65511 Multiple vulnerabilities in Microsoft Windows

2024-04-09 00:00:00
Kaspersky Lab
threats.kaspersky.com
microsoft windows
vulnerabilities
sensitive information
code execution
security bypass
denial of service
privilege escalation
ui spoofing
windows server
windows 10
windows 11

CVSS2: 2.1 Low

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
  • Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3: 8.8 High

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: REQUIRED
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 9.8 High (Confidence: High)

EPSS: 0.004 Low (Percentile: 72.4%)

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, bypass security restrictions, cause denial of service, gain privileges, and spoof the user interface.

Below is a complete list of vulnerabilities:

  1. An information disclosure vulnerability can be exploited remotely to obtain sensitive information.
  2. An information disclosure vulnerability in Windows Remote Access Connection Manager can be exploited remotely to obtain sensitive information.
  3. A remote code execution vulnerability in Windows DNS Server can be exploited remotely to execute arbitrary code.
  4. A security feature bypass vulnerability can be exploited remotely to bypass security restrictions.
  5. A denial of service vulnerability in HTTP.sys can be exploited remotely to cause denial of service.
  6. A denial of service vulnerability in DHCP Server Service can be exploited remotely to cause denial of service.
  7. An elevation of privilege vulnerability in Windows Defender Credential Guard can be exploited remotely to gain privileges.
  8. A security feature bypass vulnerability in Secure Boot can be exploited remotely to bypass security restrictions.
  9. A remote code execution vulnerability in DHCP Server Service can be exploited remotely to execute arbitrary code.
  10. A remote code execution vulnerability in Windows Cryptographic Services can be exploited remotely to execute arbitrary code.
  11. A remote code execution vulnerability in Windows Routing and Remote Access Service (RRAS) can be exploited remotely to execute arbitrary code.
  12. A denial of service vulnerability in Windows Kerberos can be exploited remotely to cause denial of service.
  13. A spoofing vulnerability in Proxy Driver can be exploited remotely to spoof user interface.
  14. An elevation of privilege vulnerability in Microsoft Install Service can be exploited remotely to gain privileges.
  15. A remote code execution vulnerability in Remote Procedure Call Runtime can be exploited remotely to execute arbitrary code.
  16. A remote code execution vulnerability in Windows rndismp6.sys can be exploited remotely to execute arbitrary code.
  17. A denial of service vulnerability in Windows Hyper-V can be exploited remotely to cause denial of service.
  18. A security feature bypass vulnerability in BitLocker can be exploited remotely to bypass security restrictions.
  19. A remote code execution vulnerability in Microsoft Message Queuing (MSMQ) can be exploited remotely to execute arbitrary code.
  20. An information disclosure vulnerability in Microsoft Local Security Authority Subsystem Service can be exploited remotely to obtain sensitive information.
  21. An elevation of privilege vulnerability in Windows Telephony Server can be exploited remotely to gain privileges.
  22. An elevation of privilege vulnerability in Windows Update Stack can be exploited remotely to gain privileges.
  23. An elevation of privilege vulnerability in Microsoft Brokering File System can be exploited remotely to gain privileges.
  24. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
  25. An elevation of privilege vulnerability in Windows USB Print Driver can be exploited remotely to gain privileges.
  26. A remote code execution vulnerability in libarchive can be exploited remotely to execute arbitrary code.
  27. A denial of service vulnerability in Microsoft Virtual Machine Bus (VMBus) can be exploited remotely to cause denial of service.
  28. An information disclosure vulnerability in Windows Distributed File System (DFS) can be exploited remotely to obtain sensitive information.
  29. An elevation of privilege vulnerability in Win32k can be exploited remotely to gain privileges.
  30. A remote code execution vulnerability in Microsoft WDAC OLE DB Provider for SQL Server can be exploited remotely to execute arbitrary code.
  31. An elevation of privilege vulnerability in Windows SMB can be exploited remotely to gain privileges.
  32. An elevation of privilege vulnerability in Windows CSC Service can be exploited remotely to gain privileges.
  33. An elevation of privilege vulnerability in Windows Storage can be exploited remotely to gain privileges.
  34. An elevation of privilege vulnerability in Windows Authentication can be exploited remotely to gain privileges.
  35. A security feature bypass vulnerability in Windows Cryptographic Services can be exploited remotely to bypass security restrictions.
  36. A remote code execution vulnerability in Windows Distributed File System (DFS) can be exploited remotely to execute arbitrary code.
  37. An elevation of privilege vulnerability in Windows File Server Resource Management Service can be exploited remotely to gain privileges.
  38. An information disclosure vulnerability in Windows Mobile Hotspot can be exploited remotely to obtain sensitive information.
  39. An elevation of privilege vulnerability in Windows Kerberos can be exploited remotely to gain privileges.
  40. An elevation of privilege vulnerability in Windows Remote Access Connection Manager can be exploited remotely to gain privileges.
  41. A security feature bypass vulnerability in SmartScreen Prompt can be exploited remotely to bypass security restrictions.
  42. A remote code execution vulnerability in Microsoft WDAC SQL Server ODBC Driver can be exploited remotely to execute arbitrary code.

Original advisories

CVE-2024-26255

CVE-2024-26227

CVE-2024-23593

CVE-2024-26219

CVE-2024-26215

CVE-2024-26237

CVE-2024-26172

CVE-2024-28900

CVE-2022-0001

CVE-2024-26168

CVE-2024-28921

CVE-2024-26195

CVE-2024-29050

CVE-2024-26179

CVE-2024-28901

CVE-2024-26183

CVE-2024-28923

CVE-2024-26234

CVE-2024-26158

CVE-2024-28903

CVE-2024-20678

CVE-2024-26253

CVE-2024-26202

CVE-2024-29064

CVE-2024-26180

CVE-2024-20665

CVE-2024-28925

CVE-2024-26208

CVE-2024-26209

CVE-2024-26242

CVE-2024-26175

CVE-2024-26252

CVE-2024-28898

CVE-2024-26235

CVE-2024-26231

CVE-2024-28924

CVE-2024-28907

CVE-2024-28896

CVE-2024-26218

CVE-2024-26243

CVE-2024-26256

CVE-2024-26254

CVE-2024-28905

CVE-2024-26224

CVE-2024-26226

CVE-2024-26241

CVE-2024-26205

CVE-2024-26207

CVE-2024-26244

CVE-2024-26221

CVE-2024-28920

CVE-2024-20693

CVE-2024-26245

CVE-2024-20669

CVE-2024-26240

CVE-2024-26229

CVE-2024-29052

CVE-2024-29061

CVE-2024-29056

CVE-2024-26228

CVE-2024-28922

CVE-2024-26194

CVE-2024-29066

CVE-2024-29062

CVE-2024-26236

CVE-2024-26213

CVE-2024-26223

CVE-2024-26222

CVE-2024-26230

CVE-2024-26216

CVE-2024-26233

CVE-2024-26217

CVE-2024-26220

CVE-2024-28904

CVE-2024-26248

CVE-2024-26232

CVE-2024-23594

CVE-2024-28902

CVE-2024-26200

CVE-2024-26210

CVE-2024-21447

CVE-2024-28897

CVE-2024-26171

CVE-2024-26211

CVE-2024-29988

CVE-2024-26189

CVE-2024-26214

CVE-2024-26239

CVE-2024-26212

CVE-2024-26250

CVE-2024-28919

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit.

Related products

Microsoft-Windows

Microsoft-Windows-Server

Microsoft-Windows-10

Microsoft-Windows-Server-2016

Microsoft-Windows-Server-2019

Microsoft-Windows-11

CVE list

CVE-2022-0001 high

CVE-2024-26255 high

CVE-2024-26227 warning

CVE-2024-23593 high

CVE-2024-26219 critical

CVE-2024-26215 critical

CVE-2024-26237 critical

CVE-2024-26172 high

CVE-2024-28900 high

CVE-2024-26168 high

CVE-2024-28921 high

CVE-2024-26195 high

CVE-2024-29050 critical

CVE-2024-26179 critical

CVE-2024-28901 high

CVE-2024-26183 high

CVE-2024-28923 high

CVE-2024-26234 high

CVE-2024-26158 warning

CVE-2024-28903 high

CVE-2024-20678 critical

CVE-2024-26253 high

CVE-2024-26202 high

CVE-2024-29064 warning

CVE-2024-26180 critical

CVE-2024-20665 high

CVE-2024-28925 critical

CVE-2024-26208 high

CVE-2024-26209 high

CVE-2024-26242 high

CVE-2024-26175 critical

CVE-2024-26252 warning

CVE-2024-28898 high

CVE-2024-26235 critical

CVE-2024-26231 high

CVE-2024-28924 high

CVE-2024-28907 critical

CVE-2024-28896 critical

CVE-2024-26218 critical

CVE-2024-26243 high

CVE-2024-26256 critical

CVE-2024-26254 critical

CVE-2024-28905 warning

CVE-2024-26224 warning

CVE-2024-26226 high

CVE-2024-26241 critical

CVE-2024-26205 critical

CVE-2024-26207 high

CVE-2024-26244 warning

CVE-2024-26221 high

CVE-2024-28920 critical

CVE-2024-20693 critical

CVE-2024-26245 critical

CVE-2024-20669 high

CVE-2024-26240 critical

CVE-2024-26229 critical

CVE-2024-29052 critical

CVE-2024-29061 critical

CVE-2024-29056 warning

CVE-2024-26228 critical

CVE-2024-28922 warning

CVE-2024-26194 high

CVE-2024-29066 high

CVE-2024-29062 high

CVE-2024-26236 high

CVE-2024-26213 high

CVE-2024-26223 high

CVE-2024-26222 high

CVE-2024-26230 critical

CVE-2024-26216 high

CVE-2024-26233 high

CVE-2024-26217 high

CVE-2024-26220 warning

CVE-2024-28904 critical

CVE-2024-26248 critical

CVE-2024-26232 high

CVE-2024-23594 high

CVE-2024-28902 high

CVE-2024-26200 critical

CVE-2024-26210 critical

CVE-2024-21447 critical

CVE-2024-28897 high

CVE-2024-26171 high

CVE-2024-26211 warning

CVE-2024-29988 critical

CVE-2024-26189 warning

CVE-2024-26214 critical

CVE-2024-26239 critical

CVE-2024-26212 critical

CVE-2024-26250 high

CVE-2024-28919 high

KB list

5036899

5036909

5036910

5036896

5036925

5036893

5036892

5036894

5037765

5037768

5037788

5037763

5037781

5037782

5037771

Solution

Install the necessary updates from the KB list that are offered in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Impacts

  • ACE: Arbitrary code execution. Exploiting vulnerabilities with this impact can let an attacker execute any code or commands on the vulnerable machine or in the vulnerable process.

  • OSI: Obtain sensitive information. Exploiting vulnerabilities with this impact can let an attacker capture information that is critical for the user or system.

  • DoS: Denial of service. Exploiting vulnerabilities with this impact can lead to loss of system availability or a critical functional fault.

  • SB: Security bypass. Exploiting vulnerabilities with this impact can let an attacker perform actions that are restricted by the current security settings.

  • PE: Privilege escalation. Exploiting vulnerabilities with this impact can let an attacker perform actions that are normally disallowed for the current role.

  • SUI: Spoof user interface. Exploiting vulnerabilities with this impact can lead to changes in the user interface that trick the user into incorrect behavior.

Affected Products

  • Windows Server 2022
  • Windows 10 Version 22H2 for 32-bit Systems
  • Windows 11 version 21H2 for ARM64-based Systems
  • Windows Server 2022 (Server Core installation)
  • Windows Server 2019 (Server Core installation)
  • Windows 10 Version 1607 for x64-based Systems
  • Windows 10 Version 21H2 for ARM64-based Systems
  • Windows 11 Version 22H2 for ARM64-based Systems
  • Windows 11 Version 22H2 for x64-based Systems
  • Windows 10 Version 1809 for 32-bit Systems
  • Windows Server 2016 (Server Core installation)
  • Windows 11 Version 23H2 for x64-based Systems
  • Windows 10 for x64-based Systems
  • Windows 10 for 32-bit Systems
  • Windows Server 2022, 23H2 Edition (Server Core installation)
  • Windows 10 Version 22H2 for x64-based Systems
  • Windows Server 2019
  • Windows 11 version 21H2 for x64-based Systems
  • Windows 10 Version 22H2 for ARM64-based Systems
  • Windows 10 Version 21H2 for x64-based Systems
  • Windows 11 Version 23H2 for ARM64-based Systems
  • Windows 10 Version 21H2 for 32-bit Systems
  • Windows 10 Version 1607 for 32-bit Systems
  • Windows Server 2016
  • Windows 10 Version 1809 for x64-based Systems
  • Windows 10 Version 1809 for ARM64-based Systems
