Kaspersky Lab, KLA65512
Apr 09, 2024 - 12:00 a.m.

KLA65512 Multiple vulnerabilities in Microsoft Products (ESU)

2024-04-09 00:00:00
Kaspersky Lab
threats.kaspersky.com
microsoft products
security update
vulnerabilities
sensitive information
denial of service
security restrictions
arbitrary code
user interface
privileges
windows server 2012 r2
windows server 2008
windows server 2012

CVSS2: 2.1 Low

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3: 8.8 High

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: REQUIRED
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 9.8 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 39.2%)

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, bypass security restrictions, execute arbitrary code, spoof the user interface, and gain privileges.

Below is a complete list of vulnerabilities:

  1. An information disclosure vulnerability can be exploited remotely to obtain sensitive information.
  2. A denial of service vulnerability in DHCP Server Service can be exploited remotely to cause denial of service.
  3. An information disclosure vulnerability in Windows Remote Access Connection Manager can be exploited remotely to obtain sensitive information.
  4. A security feature bypass vulnerability in Secure Boot can be exploited remotely to bypass security restrictions.
  5. A remote code execution vulnerability in DHCP Server Service can be exploited remotely to execute arbitrary code.
  6. A remote code execution vulnerability in Windows Cryptographic Services can be exploited remotely to execute arbitrary code.
  7. A remote code execution vulnerability in Windows Routing and Remote Access Service (RRAS) can be exploited remotely to execute arbitrary code.
  8. A denial of service vulnerability in Windows Kerberos can be exploited remotely to cause denial of service.
  9. A spoofing vulnerability in Proxy Driver can be exploited remotely to spoof user interface.
  10. An elevation of privilege vulnerability in Microsoft Install Service can be exploited remotely to gain privileges.
  11. A remote code execution vulnerability in Remote Procedure Call Runtime can be exploited remotely to execute arbitrary code.
  12. A remote code execution vulnerability in Windows rndismp6.sys can be exploited remotely to execute arbitrary code.
  13. A security feature bypass vulnerability in BitLocker can be exploited remotely to bypass security restrictions.
  14. A remote code execution vulnerability in Microsoft Message Queuing (MSMQ) can be exploited remotely to execute arbitrary code.
  15. An information disclosure vulnerability in Microsoft Local Security Authority Subsystem Service can be exploited remotely to obtain sensitive information.
  16. An elevation of privilege vulnerability in Windows Telephony Server can be exploited remotely to gain privileges.
  17. An information disclosure vulnerability in Windows Distributed File System (DFS) can be exploited remotely to obtain sensitive information.
  18. An elevation of privilege vulnerability in Win32k can be exploited remotely to gain privileges.
  19. A remote code execution vulnerability in Microsoft WDAC OLE DB Provider for SQL Server can be exploited remotely to execute arbitrary code.
  20. An elevation of privilege vulnerability in Windows CSC Service can be exploited remotely to gain privileges.
  21. An elevation of privilege vulnerability in Windows Authentication can be exploited remotely to gain privileges.
  22. A security feature bypass vulnerability in Windows Cryptographic Services can be exploited remotely to bypass security restrictions.
  23. A remote code execution vulnerability in Windows Distributed File System (DFS) can be exploited remotely to execute arbitrary code.
  24. An elevation of privilege vulnerability in Windows File Server Resource Management Service can be exploited remotely to gain privileges.
  25. An elevation of privilege vulnerability in Windows Kerberos can be exploited remotely to gain privileges.
  26. An elevation of privilege vulnerability in Windows Remote Access Connection Manager can be exploited remotely to gain privileges.
  27. A remote code execution vulnerability in Microsoft WDAC SQL Server ODBC Driver can be exploited remotely to execute arbitrary code.

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit.

Related products

Microsoft-Windows

Microsoft-Windows-Server

Microsoft-Windows-Server-2012

Microsoft-Windows-Server-2008

CVE list

CVE-2022-0001 high

CVE-2024-26215 critical

CVE-2024-28900 high

CVE-2024-26168 high

CVE-2024-28921 high

CVE-2024-26195 high

CVE-2024-29050 critical

CVE-2024-26179 critical

CVE-2024-28901 high

CVE-2024-26183 high

CVE-2024-28923 high

CVE-2024-26234 high

CVE-2024-26158 warning

CVE-2024-28903 high

CVE-2024-20678 critical

CVE-2024-26253 high

CVE-2024-26202 high

CVE-2024-26180 critical

CVE-2024-20665 high

CVE-2024-28925 critical

CVE-2024-26208 high

CVE-2024-26209 high

CVE-2024-26242 high

CVE-2024-26175 critical

CVE-2024-26252 warning

CVE-2024-28898 high

CVE-2024-28924 high

CVE-2024-28896 critical

CVE-2024-26226 high

CVE-2024-26241 critical

CVE-2024-26205 critical

CVE-2024-26207 high

CVE-2024-26244 warning

CVE-2024-20669 high

CVE-2024-26240 critical

CVE-2024-26229 critical

CVE-2024-29061 critical

CVE-2024-29056 warning

CVE-2024-26228 critical

CVE-2024-28922 warning

CVE-2024-26194 high

CVE-2024-29066 high

CVE-2024-29062 high

CVE-2024-26230 critical

CVE-2024-26216 high

CVE-2024-26217 high

CVE-2024-26248 critical

CVE-2024-26232 high

CVE-2024-28902 high

CVE-2024-26200 critical

CVE-2024-26210 critical

CVE-2024-28897 high

CVE-2024-26171 high

CVE-2024-26211 warning

CVE-2024-26189 warning

CVE-2024-26214 critical

CVE-2024-26239 critical

CVE-2024-26212 critical

CVE-2024-26250 high

CVE-2024-28919 high

CVE-2024-20689 high

CVE-2024-20688 high

KB list

5036969

5036967

5036950

5036922

5036932

5036960

5037823

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can let an attacker execute any code or commands on the vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can let an attacker capture information that is critical for the user or system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or a critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can allow actions that are restricted by the current security settings.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can let an attacker perform actions that are normally disallowed for the current role.

  • SUI

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in the user interface that trick the user into incorrect behavior.

Affected Products

  • Windows Server 2012 R2 (Server Core installation)
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
  • Windows Server 2012 R2
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2012 (Server Core installation)
  • Windows Server 2012
  • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
