Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA71484
HistoryAug 13, 2024 - 12:00 a.m.

KLA71484 Multiple vulnerabilities in Microsoft Windows

2024-08-1300:00:00
Kaspersky Lab
threats.kaspersky.com
59
microsoft windows
vulnerabilities
privileges
arbitrary code
denial of service
sensitive information
security restrictions
remote exploitation

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

10

Confidence

High

EPSS

0.025

Percentile

90.4%

JSON

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, cause denial of service, obtain sensitive information, bypass security restrictions, spoof user interface.

Below is a complete list of vulnerabilities:

  1. An elevation of privilege vulnerability in Windows Print Spooler can be exploited remotely to gain privileges.
  2. A remote code execution vulnerability in Windows Routing and Remote Access Service (RRAS) can be exploited remotely to execute arbitrary code.
  3. A remote code execution vulnerability in Windows Network Virtualization can be exploited remotely to execute arbitrary code.
  4. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
  5. An out of bounds write vulnerability in grub can be exploited to execute arbitrary code or cause denial of service.
  6. An information disclosure vulnerability in Security Center Broker can be exploited remotely to obtain sensitive information.
  7. A remote code execution vulnerability in Windows TCP/IP can be exploited remotely to execute arbitrary code.
  8. A remote code execution vulnerability in Windows IP Routing Management Snapin can be exploited remotely to execute arbitrary code.
  9. A denial of service vulnerability in Windows Layer-2 Bridge Network Driver can be exploited remotely to cause denial of service.
  10. An elevation of privilege vulnerability in Microsoft DWM Core Library can be exploited remotely to gain privileges.
  11. An elevation of privilege vulnerability in Kernel Streaming Service Driver can be exploited remotely to gain privileges.
  12. An elevation of privilege vulnerability in Kernel Streaming WOW Thunk Service Driver can be exploited remotely to gain privileges.
  13. A denial of service vulnerability in Windows Network Address Translation (NAT) can be exploited remotely to cause denial of service.
  14. An information disclosure vulnerability in Windows Kernel can be exploited remotely to obtain sensitive information.
  15. A buffer overflow vulnerability in grub_font_construct_glyph() can be exploited to bypass security restrictions.
  16. A remote code execution vulnerability in Windows Deployment Services can be exploited remotely to execute arbitrary code.
  17. An elevation of privilege vulnerability in Windows Cloud Files Mini Filter Driver can be exploited remotely to gain privileges.
  18. An elevation of privilege vulnerability in Windows Kerberos can be exploited remotely to gain privileges.
  19. An elevation of privilege vulnerability in Windows Resource Manager PSM Service Extension can be exploited remotely to gain privileges.
  20. An elevation of privilege vulnerability in Windows WLAN AutoConfig Service can be exploited remotely to gain privileges.
  21. An elevation of privilege vulnerability in Windows Kernel-Mode Driver can be exploited remotely to gain privileges.
  22. An elevation of privilege vulnerability in Windows Ancillary Function Driver for WinSock can be exploited remotely to gain privileges.
  23. A tampering vulnerability in Windows Compressed Folder can be exploited remotely to spoof user interface.
  24. A remote code execution vulnerability in Shim can be exploiter remotely to execute arbitrary code.
  25. An elevation of privilege vulnerability in Windows Hyper-V can be exploited remotely to gain privileges.
  26. An information disclosure vulnerability in Windows Routing and Remote Access Service (RRAS) can be exploited remotely to obtain sensitive information.
  27. A denial of service vulnerability in Windows Secure Channel can be exploited remotely to cause denial of service.
  28. An elevation of privilege vulnerability in Windows Update Stack can be exploited remotely to gain privileges.
  29. An information disclosure vulnerability in Microsoft Local Security Authority (LSA) Server can be exploited remotely to obtain sensitive information.
  30. A remote code execution vulnerability in Clipboard Virtual Channel Extension can be exploited remotely to execute arbitrary code.
  31. A remote code execution vulnerability in Windows OLE can be exploited remotely to execute arbitrary code.
  32. An elevation of privilege vulnerability in Windows DWM Core Library can be exploited remotely to gain privileges.
  33. An elevation of privilege vulnerability in Windows Secure Kernel Mode can be exploited remotely to gain privileges.
  34. An elevation of privilege vulnerability in Windows Resilient File System (ReFS) can be exploited remotely to gain privileges.
  35. A memory corruption vulnerability in Scripting Engine can be exploited remotely to execute arbitrary code.
  36. An elevation of privilege vulnerability in NTFS can be exploited remotely to gain privileges.
  37. A spoofing vulnerability in Windows DNS can be exploited remotely to spoof user interface.
  38. An elevation of privilege vulnerability in Windows Initial Machine Configuration can be exploited remotely to gain privileges.
  39. A remote code execution vulnerability in Windows Line Printer Daemon (LPD) Service can be exploited remotely to execute arbitrary code.
  40. A remote code execution vulnerability in Windows Mobile Broadband Driver can be exploited remotely to execute arbitrary code.
  41. An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely to gain privileges.
  42. A security feature bypass vulnerability in Windows Mark of the Web can be exploited remotely to bypass security restrictions.
  43. A remote code execution vulnerability in Windows Reliable Multicast Transport Driver (RMCAST) can be exploited remotely to execute arbitrary code.
  44. An elevation of privilege vulnerability in Windows Power Dependency Coordinator can be exploited remotely to gain privileges.
  45. An information disclosure vulnerability in Windows Bluetooth Driver can be exploited remotely to obtain sensitive information.
  46. A security feature bypass vulnerability in Windows SmartScreen can be exploited remotely to bypass security restrictions.

Original advisories

CVE-2024-38198

CVE-2024-38120

CVE-2024-38160

CVE-2024-38133

CVE-2022-3775

CVE-2024-38155

CVE-2024-38063

CVE-2024-38114

CVE-2024-38145

CVE-2024-38147

CVE-2024-38191

CVE-2024-38144

CVE-2024-38126

CVE-2024-38125

CVE-2024-38151

CVE-2022-2601

CVE-2024-38138

CVE-2024-38215

CVE-2024-38128

CVE-2024-29995

CVE-2024-38136

CVE-2024-38132

CVE-2024-38143

CVE-2024-38154

CVE-2024-38185

CVE-2024-38193

CVE-2024-38165

CVE-2023-40547

CVE-2024-38127

CVE-2024-38214

CVE-2024-38148

CVE-2024-38163

CVE-2024-38184

CVE-2024-38187

CVE-2024-38116

CVE-2024-38134

CVE-2024-38122

CVE-2024-38131

CVE-2024-38152

CVE-2024-38150

CVE-2024-38159

CVE-2024-38142

CVE-2024-38186

CVE-2024-38135

CVE-2024-38178

CVE-2024-38153

CVE-2024-38141

CVE-2024-38137

CVE-2024-38117

CVE-2024-37968

CVE-2024-38223

CVE-2024-38121

CVE-2024-38130

CVE-2024-38199

CVE-2024-38161

CVE-2024-38115

CVE-2024-38146

CVE-2024-38196

CVE-2024-38118

CVE-2024-38213

CVE-2024-38140

CVE-2024-38107

CVE-2024-38123

CVE-2024-38106

CVE-2024-38180

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-Windows

Microsoft-Windows-Server

Microsoft-Windows-10

Microsoft-Windows-Server-2016

Microsoft-Windows-Server-2019

Microsoft-Windows-11

Microsoft-Remote-Desktop

Microsoft-Windows-Server-2022

CVE list

CVE-2022-2601 critical

CVE-2022-3775 high

CVE-2023-40547 critical

CVE-2024-38198 critical

CVE-2024-38120 critical

CVE-2024-38160 critical

CVE-2024-38133 critical

CVE-2024-38155 high

CVE-2024-38063 critical

CVE-2024-38114 critical

CVE-2024-38145 critical

CVE-2024-38147 critical

CVE-2024-38191 critical

CVE-2024-38144 critical

CVE-2024-38126 critical

CVE-2024-38125 critical

CVE-2024-38151 high

CVE-2024-38138 critical

CVE-2024-38215 critical

CVE-2024-38128 critical

CVE-2024-29995 critical

CVE-2024-38136 high

CVE-2024-38132 critical

CVE-2024-38143 warning

CVE-2024-38154 critical

CVE-2024-38185 critical

CVE-2024-38193 critical

CVE-2024-38165 high

CVE-2024-38127 critical

CVE-2024-38214 high

CVE-2024-38148 critical

CVE-2024-38163 critical

CVE-2024-38184 critical

CVE-2024-38187 critical

CVE-2024-38116 critical

CVE-2024-38134 critical

CVE-2024-38122 high

CVE-2024-38131 critical

CVE-2024-38152 critical

CVE-2024-38150 critical

CVE-2024-38159 critical

CVE-2024-38142 critical

CVE-2024-38186 critical

CVE-2024-38135 critical

CVE-2024-38178 critical

CVE-2024-38153 critical

CVE-2024-38141 critical

CVE-2024-38137 high

CVE-2024-38117 critical

CVE-2024-37968 critical

CVE-2024-38223 high

CVE-2024-38121 critical

CVE-2024-38130 critical

CVE-2024-38199 critical

CVE-2024-38161 high

CVE-2024-38115 critical

CVE-2024-38146 critical

CVE-2024-38196 critical

CVE-2024-38118 high

CVE-2024-38213 high

CVE-2024-38140 critical

CVE-2024-38107 critical

CVE-2024-38123 warning

CVE-2024-38106 high

CVE-2024-38180 critical

KB list

5039213

5039214

5039217

5039225

5039330

5039236

5039212

5039211

5039227

5040448

5040434

5040437

5040430

5040442

5040427

5040438

5040431

5042321

5041160

5041580

5042320

5041592

5041578

5042322

5041571

5041782

5041773

5041573

5041585

5043050

5043051

5042881

5043055

5043067

5043126

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

  • SUI

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.

Affected Products

  • Windows 11 Version 24H2 for ARM64-based SystemsWindows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2022 (Server Core installation)Windows 10 Version 1809 for x64-based SystemsWindows 11 Version 22H2 for x64-based SystemsWindows 11 Version 23H2 for x64-based SystemsWindows 10 Version 1607 for 32-bit SystemsWindows 10 for 32-bit SystemsWindows 10 for x64-based SystemsWindows 10 Version 1607 for x64-based SystemsWindows 11 Version 22H2 for ARM64-based SystemsWindows 10 Version 21H2 for x64-based SystemsWindows 11 version 21H2 for x64-based SystemsWindows 10 Version 1809 for 32-bit SystemsWindows Server 2016Windows 10 Version 1809 for ARM64-based SystemsWindows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 22H2 for x64-based SystemsWindows Server 2022Windows 10 Version 22H2 for ARM64-based SystemsWindows 10 Version 21H2 for ARM64-based SystemsWindows 11 Version 23H2 for ARM64-based SystemsWindows Server 2019Windows 10 Version 22H2 for 32-bit SystemsRemote Desktop client for Windows DesktopWindows 11 version 21H2 for ARM64-based SystemsWindows 10 Version 21H2 for 32-bit SystemsWindows 11 Version 24H2 for x64-based Systems

References

Related

mskb 19
openvas 32
nessus 55
kaspersky 2
qualysblog 1
rapid7blog 1
talosblog 3
ics 1
krebs 1
thn 1
redhat 7
osv 7
rosalinux 2
oraclelinux 3
rocky 2
almalinux 2
debian 3
ibm 1
fedora 3
gentoo 1
redos 1
nvd 13
cvelist 13
mscve 8
cve 9
vulnrichment 8
mskb
mskb
August 13, 2024—KB5041580 (OS Builds 19044.4780 and 19045.4780)
2024-08-13 07:00:00
August 13, 2024—KB5041782 (OS Build 10240.20751)
2024-08-13 07:00:00
August 13, 2024—KB5041160 (OS Build 20348.2655)
2024-08-13 07:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB5041580)
2024-08-14 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5041782)
2024-08-14 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5041592)
2024-08-14 00:00:00
nessus
nessus
KB5041580: Windows 10 Version 21H2 / Windows 10 Version 22H2 Security Update (August 2024)
2024-08-13 00:00:00
KB5041592: Windows 11 version 21H2 Security Update (August 2024)
2024-08-13 00:00:00
KB5041782: Windows 10 LTS 1507 Security Update (August 2024)
2024-08-13 00:00:00
kaspersky
kaspersky
KLA71485 Multiple vulnerabilities in Microsoft Products (ESU)
2024-08-13 00:00:00
KLA71482 Multiple vulnerabilities in Microsoft Mariner
2024-08-13 00:00:00
qualysblog
qualysblog
Microsoft and Adobe Patch Tuesday, August 2024 Security Update Review
2024-08-13 20:31:30
rapid7blog
rapid7blog
Patch Tuesday - August 2024
2024-08-13 23:36:30
talosblog
talosblog
Talos discovers Microsoft kernel mode driver vulnerabilities that could lead to SYSTEM privileges; Seven other critical issues disclosed
2024-08-13 19:12:45
AI, election security headline discussions at Black Hat and DEF CON
2024-08-15 18:00:31
Talos discovers 11 vulnerabilities between Microsoft, Adobe software disclosed on Patch Tuesday
2024-08-14 16:02:35
ics
ics
CISA Adds Six Known Exploited Vulnerabilities to Catalog
2024-08-13 12:00:00
krebs
krebs
Six 0-Days Lead Microsoft’s August 2024 Patch Push
2024-08-13 21:43:05
thn
thn
Microsoft Issues Patches for 90 Flaws, Including 10 Critical Zero-Days
2024-08-14 05:48:00
redhat
redhat
(RHSA-2022:8978) Moderate: grub2 security and bug fix update
2022-12-13 15:31:13
(RHSA-2023:0752) Moderate: grub2 security update
2023-02-14 09:02:50
(RHSA-2023:0047) Moderate: grub2 security update
2023-01-09 14:22:15
osv
osv
Moderate: grub2 security update
2023-01-09 14:23:31
Moderate: grub2 security update
2023-02-16 06:35:52
grub2 - security update
2022-11-16 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2348
2024-02-20 08:52:02
Advisory ROSA-SA-2024-2461
2024-07-31 09:54:19
oraclelinux
oraclelinux
grub2 security update
2023-01-12 00:00:00
grub2 security update
2023-01-25 00:00:00
grub2 security update
2023-06-13 00:00:00
rocky
rocky
grub2 security update
2023-02-16 06:35:52
grub2 security update
2023-01-09 14:23:31
almalinux
almalinux
Moderate: grub2 security update
2023-01-09 00:00:00
Moderate: grub2 security update
2023-02-14 00:00:00
debian
debian
[SECURITY] [DLA 3190-1] grub2 security update
2022-11-16 09:12:12
[SECURITY] [DLA 3190-2] grub2 security update
2022-12-10 08:22:59
[SECURITY] [DSA 5280-1] grub2 security update
2022-11-15 19:50:06
ibm
ibm
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Linux Kernel Buffer overflow and denial of service vulnerabilities( CVE-2022-2601, CVE-2022-3775)
2023-07-05 21:12:35
fedora
fedora
[SECURITY] Fedora 37 Update: grub2-2.06-63.fc37
2022-11-18 01:18:26
[SECURITY] Fedora 35 Update: grub2-2.06-14.fc35
2022-12-01 01:39:11
[SECURITY] Fedora 36 Update: grub2-2.06-57.fc36
2022-11-27 01:37:59
gentoo
gentoo
GRUB: Multiple Vulnerabilities
2023-11-25 00:00:00
redos
redos
ROS-20240403-05
2024-04-03 00:00:00
nvd
nvd
CVE-2024-38135
2024-08-13 18:15:16
CVE-2024-38123
2024-08-13 18:15:13
CVE-2024-38215
2024-08-13 18:15:31
cvelist
cvelist
CVE-2024-38187 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
2024-08-13 17:30:31
CVE-2024-38123 Windows Bluetooth Driver Information Disclosure Vulnerability
2024-08-13 17:29:45
CVE-2024-38163 Windows Update Stack Elevation of Privilege Vulnerability
2024-08-13 23:23:36
mscve
mscve
Windows Compressed Folder Tampering Vulnerability
2024-08-13 07:00:00
Windows Bluetooth Driver Information Disclosure Vulnerability
2024-08-13 07:00:00
Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability
2024-08-13 07:00:00
cve
cve
CVE-2024-38123
2024-08-13 18:15:13
CVE-2024-38163
2024-08-14 00:15:07
CVE-2024-38135
2024-08-13 18:15:16
vulnrichment
vulnrichment
CVE-2024-38123 Windows Bluetooth Driver Information Disclosure Vulnerability
2024-08-13 17:29:45
CVE-2024-38163 Windows Update Stack Elevation of Privilege Vulnerability
2024-08-13 23:23:36
CVE-2024-38135 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability
2024-08-13 17:30:12

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

10

Confidence

High

EPSS

0.025

Percentile

90.4%

JSON
Related for KLA71484
mskb19openvas32nessus55kaspersky2qualysblog1rapid7blog1talosblog3ics1krebs1thn1redhat7osv7rosalinux2oraclelinux3rocky2almalinux2debian3ibm1fedora3gentoo1redos1nvd13cvelist13mscve8cve9vulnrichment8