Kaspersky ID:
KLA19249
Detect Date:
09/13/2022
Updated:
11/29/2024

Description

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, cause denial of service, obtain sensitive information, bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in Microsoft OLE DB Provider for SQL Server can be exploited remotely to execute arbitrary code.
  2. A remote code execution vulnerability in Windows Fax Service can be exploited remotely to execute arbitrary code.
  3. A remote code execution vulnerability in Microsoft ODBC Driver can be exploited remotely to execute arbitrary code.
  4. An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely to gain privileges.
  5. An elevation of privilege vulnerability in Windows Credential Roaming Service can be exploited remotely to gain privileges.
  6. A denial of service vulnerability in Windows DNS Server can be exploited remotely to cause denial of service.
  7. An elevation of privilege vulnerability in Windows Kerberos can be exploited remotely to gain privileges.
  8. A remote code execution vulnerability in Remote Procedure Call Runtime can be exploited remotely to execute arbitrary code.
  9. A remote code execution vulnerability in Windows TCP/IP can be exploited remotely to execute arbitrary code.
  10. A remote code execution vulnerability in Windows Internet Key Exchange (IKE) Protocol Extensions can be exploited remotely to execute arbitrary code.
  11. An elevation of privilege vulnerability in Windows Group Policy can be exploited remotely to gain privileges.
  12. A remote code execution vulnerability in Windows Lightweight Directory Access Protocol (LDAP) can be exploited remotely to execute arbitrary code.
  13. An elevation of privilege vulnerability in Windows GDI can be exploited remotely to gain privileges.
  14. An information disclosure vulnerability in Windows Graphics Component can be exploited remotely to obtain sensitive information.
  15. An elevation of privilege vulnerability in Windows Print Spooler can be exploited remotely to gain privileges.
  16. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
  17. A denial of service vulnerability in Windows Secure Channel can be exploited remotely to cause denial of service.
  18. A denial of service vulnerability in Windows Event Tracing can be exploited remotely to cause denial of service.
  19. An information disclosure vulnerability in SPNEGO Extended Negotiation (NEGOEX) Security Mechanism can be exploited remotely to obtain sensitive information.
  20. A denial of service vulnerability in Windows Internet Key Exchange (IKE) Extension can be exploited remotely to cause denial of service.
  21. An elevation of privilege vulnerability in Windows Distributed File System (DFS) can be exploited remotely to gain privileges.
  22. An information disclosure vulnerability in Windows Remote Access Connection Manager can be exploited remotely to obtain sensitive information.
  23. A security feature bypass vulnerability in Network Device Enrollment Service (NDES) can be exploited remotely to bypass security restrictions.
  24. An elevation of privilege vulnerability in Windows ALPC can be exploited remotely to gain privileges.
 
 

 

 

Original advisories

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

CVE list

  • CVE-2022-35840
    critical
  • CVE-2022-38004
    critical
  • CVE-2022-34727
    critical
  • CVE-2022-37969
    critical
  • CVE-2022-30170
    high
  • CVE-2022-34724
    critical
  • CVE-2022-33647
    critical
  • CVE-2022-34732
    critical
  • CVE-2022-35830
    critical
  • CVE-2022-34726
    critical
  • CVE-2022-34718
    critical
  • CVE-2022-34721
    critical
  • CVE-2022-37955
    critical
  • CVE-2022-34731
    critical
  • CVE-2022-35803
    critical
  • CVE-2022-30200
    critical
  • CVE-2022-34730
    critical
  • CVE-2022-34729
    critical
  • CVE-2022-38006
    high
  • CVE-2022-38005
    critical
  • CVE-2022-35831
    high
  • CVE-2022-37959
    high
  • CVE-2022-34725
    high
  • CVE-2022-37956
    critical
  • CVE-2022-34733
    critical
  • CVE-2022-35836
    critical
  • CVE-2022-35833
    critical
  • CVE-2022-35832
    high
  • CVE-2022-37958
    critical
  • CVE-2022-35835
    critical
  • CVE-2022-33679
    critical
  • CVE-2022-34734
    critical
  • CVE-2022-34728
    high
  • CVE-2022-34720
    critical
  • CVE-2022-34719
    critical
  • CVE-2022-34722
    critical
  • CVE-2022-35837
    high
  • CVE-2022-35834
    critical
  • CVE-2022-37964
    critical

KB list

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com

Found an inaccuracy in the description of this vulnerability? Let us know!
Kaspersky Next
Let’s go Next: redefine your business’s cybersecurity
Learn more
New Kaspersky!
Your digital life deserves complete protection!
Learn more
Confirm changes?
Your message has been sent successfully.