KLA71485 Multiple vulnerabilities in Microsoft Products (ESU)

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to spoof user interface, bypass security restrictions, execute arbitrary code, cause denial of service, gain privileges, obtain sensitive information.

Below is a complete list of vulnerabilities:

1. Heap buffer overflow vulnerability in grub_font_construct_glyph() can be exploited to cause denial of service.
2. Out of bounds memory write vulnerability into grub2’s heap can be exploited to cause denial of service.
3. A remote code execution vulnerability in Shim can be exploited remotely to execute arbitrary code.
4. An elevation of privilege vulnerability in Windows Print Spooler can be exploited remotely to gain privileges.
5. A remote code execution vulnerability in Windows Routing and Remote Access Service (RRAS) can be exploited remotely to execute arbitrary code.
6. A remote code execution vulnerability in Windows TCP/IP can be exploited remotely to execute arbitrary code.
7. A remote code execution vulnerability in Windows IP Routing Management Snapin can be exploited remotely to execute arbitrary code.
8. A denial of service vulnerability in Windows Layer-2 Bridge Network Driver can be exploited remotely to cause denial of service.
9. An elevation of privilege vulnerability in Kernel Streaming Service Driver can be exploited remotely to gain privileges.
10. An elevation of privilege vulnerability in Kernel Streaming WOW Thunk Service Driver can be exploited remotely to gain privileges.
11. A denial of service vulnerability in Windows Network Address Translation (NAT) can be exploited remotely to cause denial of service.
12. An information disclosure vulnerability in Windows Kernel can be exploited remotely to obtain sensitive information.
13. An elevation of privilege vulnerability in Windows Kerberos can be exploited remotely to gain privileges.
14. An elevation of privilege vulnerability in Windows Ancillary Function Driver for WinSock can be exploited remotely to gain privileges.
15. An elevation of privilege vulnerability in Windows Hyper-V can be exploited remotely to gain privileges.
16. An information disclosure vulnerability in Windows Routing and Remote Access Service (RRAS) can be exploited remotely to obtain sensitive information.
17. An information disclosure vulnerability in Microsoft Local Security Authority (LSA) Server can be exploited remotely to obtain sensitive information.
18. A remote code execution vulnerability in Clipboard Virtual Channel Extension can be exploited remotely to execute arbitrary code.
19. A remote code execution vulnerability in Windows OLE can be exploited remotely to execute arbitrary code.
20. A memory corruption vulnerability in Scripting Engine can be exploited remotely to execute arbitrary code.
21. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
22. An elevation of privilege vulnerability in NTFS can be exploited remotely to gain privileges.
23. A spoofing vulnerability in Windows DNS can be exploited remotely to spoof user interface.
24. An elevation of privilege vulnerability in Windows Initial Machine Configuration can be exploited remotely to gain privileges.
25. A remote code execution vulnerability in Windows Line Printer Daemon (LPD) Service can be exploited remotely to execute arbitrary code.
26. An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely to gain privileges.
27. A security feature bypass vulnerability in Windows Mark of the Web can be exploited remotely to bypass security restrictions.
28. A remote code execution vulnerability in Windows Reliable Multicast Transport Driver (RMCAST) can be exploited remotely to execute arbitrary code.
29. An elevation of privilege vulnerability in Windows Power Dependency Coordinator can be exploited remotely to gain privileges.
30. A security feature bypass vulnerability in Windows SmartScreen can be exploited remotely to bypass security restrictions.

Original advisories

CVE-2024-38116

CVE-2024-38134

CVE-2024-38122

CVE-2024-38131

CVE-2024-38152

CVE-2024-38120

CVE-2024-38198

CVE-2022-3775

CVE-2024-38178

CVE-2024-38153

CVE-2024-38063

CVE-2024-38141

CVE-2024-38114

CVE-2024-38145

CVE-2024-38191

CVE-2024-38144

CVE-2024-38117

CVE-2024-38126

CVE-2024-37968

CVE-2024-38223

CVE-2024-38125

CVE-2024-38151

CVE-2024-38121

CVE-2022-2601

CVE-2024-38128

CVE-2024-29995

CVE-2024-38130

CVE-2024-38132

CVE-2024-38154

CVE-2024-38199

CVE-2024-38115

CVE-2024-38146

CVE-2024-38196

CVE-2024-38118

CVE-2024-38193

CVE-2023-40547

CVE-2024-38213

CVE-2024-38140

CVE-2024-38127

CVE-2024-38107

CVE-2024-38214

CVE-2024-38180

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-Windows

Microsoft-Windows-Server

Microsoft-Windows-Server-2012

Microsoft-Windows-Server-2008

CVE list

CVE-2022-2601 critical

CVE-2022-3775 high

CVE-2023-40547 critical

CVE-2024-38198 critical

CVE-2024-38120 critical

CVE-2024-38063 critical

CVE-2024-38114 critical

CVE-2024-38145 critical

CVE-2024-38191 critical

CVE-2024-38144 critical

CVE-2024-38126 critical

CVE-2024-38125 critical

CVE-2024-38151 high

CVE-2024-38128 critical

CVE-2024-29995 critical

CVE-2024-38132 critical

CVE-2024-38154 critical

CVE-2024-38193 critical

CVE-2024-38127 critical

CVE-2024-38214 high

CVE-2024-38116 critical

CVE-2024-38134 critical

CVE-2024-38122 high

CVE-2024-38131 critical

CVE-2024-38152 critical

CVE-2024-38178 critical

CVE-2024-38153 critical

CVE-2024-38141 critical

CVE-2024-38117 critical

CVE-2024-37968 critical

CVE-2024-38223 high

CVE-2024-38121 critical

CVE-2024-38130 critical

CVE-2024-38199 critical

CVE-2024-38115 critical

CVE-2024-38146 critical

CVE-2024-38196 critical

CVE-2024-38118 high

CVE-2024-38213 high

CVE-2024-38140 critical

CVE-2024-38107 critical

CVE-2024-38180 critical

KB list

5039260

5039294

5040498

5040499

5040497

5040456

5040490

5040485

5041770

5041847

5041850

5041828

5041851

5041823

5041838

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

• ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

• OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

• DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

• SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

• PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

• SUI

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.

Affected Products

• Windows Server 2008 R2 for x64-based Systems Service Pack 1Windows Server 2012 R2 (Server Core installation)Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2008 for x64-based Systems Service Pack 2Windows Server 2012 R2Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Windows Server 2008 for 32-bit Systems Service Pack 2Windows Server 2012