Kaspersky Threats

Detect date

?

06/14/2022

Severity

?

Critical

Description

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, gain privileges, execute arbitrary code, bypass security restrictions, spoof user interface.

Below is a complete list of vulnerabilities:

A denial of service vulnerability in Windows Network Address Translation (NAT) can be exploited remotely to cause denial of service.
Information disclosure vulnerability in microarchitectural fill buffers on some Intel Processors can be exploited to obtain sensitive information.
An elevation of privilege vulnerability in Windows Advanced Local Procedure Call can be exploited remotely to gain privileges.
Information disclosure vulnerability in multi-core shared buffers for some Intel Processors can be exploited to obtain sensitive information.
Information disclosure vulnerability in specific special register write operations for some Intel Processors can be exploited to obtain sensitive information.
A remote code execution vulnerability in Windows Lightweight Directory Access Protocol (LDAP) can be exploited remotely to execute arbitrary code.
An elevation of privilege vulnerability in Windows Ancillary Function Driver for WinSock can be exploited remotely to gain privileges.
A remote code execution vulnerability in Windows File History can be exploited remotely to execute arbitrary code.
Information disclosure vulnerability in specific special register read operations for some Intel Processors can be exploited to obtain sensitive information.
An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges.
An elevation of privilege vulnerability in Local Security Authority Subsystem Service can be exploited remotely to gain privileges.
A remote code execution vulnerability in Windows Hyper-V can be exploited remotely to execute arbitrary code.
A denial of service vulnerability in Windows Kernel can be exploited remotely to cause denial of service.
An elevation of privilege vulnerability in Windows Media Center can be exploited remotely to gain privileges.
A remote code execution vulnerability in Windows iSCSI Discovery Service can be exploited remotely to execute arbitrary code.
A remote code execution vulnerability in HEVC Video Extensions can be exploited remotely to execute arbitrary code.
An elevation of privilege vulnerability in Windows Container Isolation FS Filter Driver can be exploited remotely to gain privileges.
An information disclosure vulnerability in Windows Kernel can be exploited remotely to obtain sensitive information.
An elevation of privilege vulnerability in Windows Defender Remote Credential Guard can be exploited remotely to gain privileges.
A remote code execution vulnerability in Windows Network File System can be exploited remotely to execute arbitrary code.
A denial of service vulnerability in Windows SMB can be exploited remotely to cause denial of service.
An elevation of privilege vulnerability in Windows Kerberos can be exploited remotely to gain privileges.
An elevation of privilege vulnerability in Microsoft File Server Shadow Copy Agent Service (RVSS) can be exploited remotely to gain privileges.
A security feature bypass vulnerability in Kerberos AppContainer can be exploited remotely to bypass security restrictions.
An information disclosure vulnerability in Windows Desired State Configuration (DSC) can be exploited remotely to obtain sensitive information.
A remote code execution vulnerability in AV1 Video Extension can be exploited remotely to execute arbitrary code.
An elevation of privilege vulnerability in Windows Container Manager Service can be exploited remotely to gain privileges.
A spoofing vulnerability in Windows Autopilot Device Management and Enrollment Client can be exploited remotely to spoof user interface.
A remote code execution vulnerability in Windows Encrypting File System (EFS) can be exploited remotely to execute arbitrary code.

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Affected products

Windows Server 2016 (Server Core installation)
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 8.1 for 32-bit systems
Windows Server 2022 Azure Edition Core Hotpatch
Windows 10 Version 21H1 for x64-based Systems
Windows 10 for 32-bit Systems
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
AV1 Video Extension
Windows 11 for ARM64-based Systems
Windows RT 8.1
Windows Server 2019
Windows Server 2012
HEVC Video Extension
Windows 10 Version 21H1 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server 2022
HEVC Video Extensions
Windows 8.1 for x64-based systems
Windows Server 2012 R2 (Server Core installation)
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows 10 Version 20H2 for ARM64-based Systems
Windows Server 2022 (Server Core installation)
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2022-30152
CVE-2022-22018
CVE-2022-21125
CVE-2022-21123
CVE-2022-30131
CVE-2022-30162
CVE-2022-30150
CVE-2022-30151
CVE-2022-30136
CVE-2022-32230
CVE-2022-30165
CVE-2022-30154
CVE-2022-30164
CVE-2022-30163
CVE-2022-30155
CVE-2022-29119
CVE-2022-30135
CVE-2022-29111
CVE-2022-30153
CVE-2022-30140
CVE-2022-30160
CVE-2022-30148
CVE-2022-30167
CVE-2022-30132
CVE-2022-21166
CVE-2022-30149
CVE-2022-30139
CVE-2022-30142
CVE-2022-30161
CVE-2022-30146
CVE-2022-21127
CVE-2022-30193
CVE-2022-30147
CVE-2022-30166
CVE-2022-30189
CVE-2022-30145
CVE-2022-30141
CVE-2022-30188
CVE-2022-30143

Impacts

?

ACE

[?]

OSI

[?]

DoS

[?]

SB

[?]

PE

[?]

SUI

[?]

Detect date ?	06/14/2022
Severity ?	Critical
Description	Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, gain privileges, execute arbitrary code, bypass security restrictions, spoof user interface. Below is a complete list of vulnerabilities: A denial of service vulnerability in Windows Network Address Translation (NAT) can be exploited remotely to cause denial of service. Information disclosure vulnerability in microarchitectural fill buffers on some Intel Processors can be exploited to obtain sensitive information. An elevation of privilege vulnerability in Windows Advanced Local Procedure Call can be exploited remotely to gain privileges. Information disclosure vulnerability in multi-core shared buffers for some Intel Processors can be exploited to obtain sensitive information. Information disclosure vulnerability in specific special register write operations for some Intel Processors can be exploited to obtain sensitive information. A remote code execution vulnerability in Windows Lightweight Directory Access Protocol (LDAP) can be exploited remotely to execute arbitrary code. An elevation of privilege vulnerability in Windows Ancillary Function Driver for WinSock can be exploited remotely to gain privileges. A remote code execution vulnerability in Windows File History can be exploited remotely to execute arbitrary code. Information disclosure vulnerability in specific special register read operations for some Intel Processors can be exploited to obtain sensitive information. An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges. An elevation of privilege vulnerability in Local Security Authority Subsystem Service can be exploited remotely to gain privileges. A remote code execution vulnerability in Windows Hyper-V can be exploited remotely to execute arbitrary code. A denial of service vulnerability in Windows Kernel can be exploited remotely to cause denial of service. An elevation of privilege vulnerability in Windows Media Center can be exploited remotely to gain privileges. A remote code execution vulnerability in Windows iSCSI Discovery Service can be exploited remotely to execute arbitrary code. A remote code execution vulnerability in HEVC Video Extensions can be exploited remotely to execute arbitrary code. An elevation of privilege vulnerability in Windows Container Isolation FS Filter Driver can be exploited remotely to gain privileges. An information disclosure vulnerability in Windows Kernel can be exploited remotely to obtain sensitive information. An elevation of privilege vulnerability in Windows Defender Remote Credential Guard can be exploited remotely to gain privileges. A remote code execution vulnerability in Windows Network File System can be exploited remotely to execute arbitrary code. A denial of service vulnerability in Windows SMB can be exploited remotely to cause denial of service. An elevation of privilege vulnerability in Windows Kerberos can be exploited remotely to gain privileges. An elevation of privilege vulnerability in Microsoft File Server Shadow Copy Agent Service (RVSS) can be exploited remotely to gain privileges. A security feature bypass vulnerability in Kerberos AppContainer can be exploited remotely to bypass security restrictions. An information disclosure vulnerability in Windows Desired State Configuration (DSC) can be exploited remotely to obtain sensitive information. A remote code execution vulnerability in AV1 Video Extension can be exploited remotely to execute arbitrary code. An elevation of privilege vulnerability in Windows Container Manager Service can be exploited remotely to gain privileges. A spoofing vulnerability in Windows Autopilot Device Management and Enrollment Client can be exploited remotely to spoof user interface. A remote code execution vulnerability in Windows Encrypting File System (EFS) can be exploited remotely to execute arbitrary code.
Exploitation	Public exploits exist for this vulnerability. Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Affected products	Windows Server 2016 (Server Core installation) Windows 10 Version 21H1 for 32-bit Systems Windows 10 for x64-based Systems Windows 8.1 for 32-bit systems Windows Server 2022 Azure Edition Core Hotpatch Windows 10 Version 21H1 for x64-based Systems Windows 10 for 32-bit Systems Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows Server, version 20H2 (Server Core Installation) AV1 Video Extension Windows 11 for ARM64-based Systems Windows RT 8.1 Windows Server 2019 Windows Server 2012 HEVC Video Extension Windows 10 Version 21H1 for ARM64-based Systems Windows 11 for x64-based Systems Windows Server 2022 HEVC Video Extensions Windows 8.1 for x64-based systems Windows Server 2012 R2 (Server Core installation) Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows Server 2019 (Server Core installation) Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 20H2 for x64-based Systems Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows 10 Version 20H2 for ARM64-based Systems Windows Server 2022 (Server Core installation) Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2022-30152 CVE-2022-22018 CVE-2022-21125 CVE-2022-21123 CVE-2022-30131 CVE-2022-30162 CVE-2022-30150 CVE-2022-30151 CVE-2022-30136 CVE-2022-32230 CVE-2022-30165 CVE-2022-30154 CVE-2022-30164 CVE-2022-30163 CVE-2022-30155 CVE-2022-29119 CVE-2022-30135 CVE-2022-29111 CVE-2022-30153 CVE-2022-30140 CVE-2022-30160 CVE-2022-30148 CVE-2022-30167 CVE-2022-30132 CVE-2022-21166 CVE-2022-30149 CVE-2022-30139 CVE-2022-30142 CVE-2022-30161 CVE-2022-30146 CVE-2022-21127 CVE-2022-30193 CVE-2022-30147 CVE-2022-30166 CVE-2022-30189 CVE-2022-30145 CVE-2022-30141 CVE-2022-30188 CVE-2022-30143
Impacts ?	ACE [?] OSI [?] DoS [?] SB [?] PE [?] SUI [?]
Related products	Microsoft Windows Microsoft Windows Server Microsoft Windows Server 2012 Microsoft Windows 8 Windows RT Microsoft Windows 10 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows 11
CVE-IDS ?	CVE-2022-301525.0Warning CVE-2022-211252.1Warning CVE-2022-301604.6Warning CVE-2022-211232.1Warning CVE-2022-211662.1Warning CVE-2022-301495.1High CVE-2022-301514.4Warning CVE-2022-301427.6Critical CVE-2022-301616.8High CVE-2022-301465.1High CVE-2022-211272.1Warning CVE-2022-301477.2High CVE-2022-301664.6Warning CVE-2022-301419.3Critical CVE-2022-301636.0High CVE-2022-301557.1High CVE-2022-301357.2High CVE-2022-301536.8High CVE-2022-301435.1High CVE-2022-301405.1High CVE-2022-220186.8High CVE-2022-301317.2High CVE-2022-301622.1Warning CVE-2022-301506.0High CVE-2022-322307.8Critical CVE-2022-301656.5High CVE-2022-301542.1Warning CVE-2022-301644.6Warning CVE-2022-291196.8High CVE-2022-291116.8High CVE-2022-301482.1Warning CVE-2022-301676.8High CVE-2022-301327.2High CVE-2022-301396.0High CVE-2022-301936.8High CVE-2022-301894.3Warning CVE-2022-301456.0High CVE-2022-301886.8High
KB list	5013942 5013941 5013943 5013945 5014702 5014699 5014692 5014710 5014747 5014678 5014738 5014741 5014697 5014746 5014677
Microsoft official advisories	Microsoft Security Update Guide
	Find out the statistics of the vulnerabilities spreading in your region

KLA12569Multiple vulnerabilities in Microsoft Windows

KLA12569
Multiple vulnerabilities in Microsoft Windows