Kaspersky ID:
KLA19249
Detect Date:
09/13/2022
Updated:
05/30/2024

Description

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, cause denial of service, obtain sensitive information, bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in Microsoft OLE DB Provider for SQL Server can be exploited remotely to execute arbitrary code.
  2. A remote code execution vulnerability in Windows Fax Service can be exploited remotely to execute arbitrary code.
  3. A remote code execution vulnerability in Microsoft ODBC Driver can be exploited remotely to execute arbitrary code.
  4. An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely to gain privileges.
  5. An elevation of privilege vulnerability in Windows Credential Roaming Service can be exploited remotely to gain privileges.
  6. A denial of service vulnerability in Windows DNS Server can be exploited remotely to cause denial of service.
  7. An elevation of privilege vulnerability in Windows Kerberos can be exploited remotely to gain privileges.
  8. A remote code execution vulnerability in Remote Procedure Call Runtime can be exploited remotely to execute arbitrary code.
  9. A remote code execution vulnerability in Windows TCP/IP can be exploited remotely to execute arbitrary code.
  10. A remote code execution vulnerability in Windows Internet Key Exchange (IKE) Protocol Extensions can be exploited remotely to execute arbitrary code.
  11. An elevation of privilege vulnerability in Windows Group Policy can be exploited remotely to gain privileges.
  12. A remote code execution vulnerability in Windows Lightweight Directory Access Protocol (LDAP) can be exploited remotely to execute arbitrary code.
  13. An elevation of privilege vulnerability in Windows GDI can be exploited remotely to gain privileges.
  14. An information disclosure vulnerability in Windows Graphics Component can be exploited remotely to obtain sensitive information.
  15. An elevation of privilege vulnerability in Windows Print Spooler can be exploited remotely to gain privileges.
  16. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
  17. A denial of service vulnerability in Windows Secure Channel can be exploited remotely to cause denial of service.
  18. A denial of service vulnerability in Windows Event Tracing can be exploited remotely to cause denial of service.
  19. An information disclosure vulnerability in SPNEGO Extended Negotiation (NEGOEX) Security Mechanism can be exploited remotely to obtain sensitive information.
  20. A denial of service vulnerability in Windows Internet Key Exchange (IKE) Extension can be exploited remotely to cause denial of service.
  21. An elevation of privilege vulnerability in Windows Distributed File System (DFS) can be exploited remotely to gain privileges.
  22. An information disclosure vulnerability in Windows Remote Access Connection Manager can be exploited remotely to obtain sensitive information.
  23. A security feature bypass vulnerability in Network Device Enrollment Service (NDES) can be exploited remotely to bypass security restrictions.
  24. An elevation of privilege vulnerability in Windows ALPC can be exploited remotely to gain privileges.
 
 

 

 

Original advisories

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

CVE list

  • CVE-2022-35840
    high
  • CVE-2022-38004
    high
  • CVE-2022-34727
    high
  • CVE-2022-37969
    high
  • CVE-2022-30170
    high
  • CVE-2022-34724
    high
  • CVE-2022-33647
    high
  • CVE-2022-34732
    high
  • CVE-2022-35830
    high
  • CVE-2022-34726
    high
  • CVE-2022-34718
    critical
  • CVE-2022-34721
    critical
  • CVE-2022-37955
    high
  • CVE-2022-34731
    high
  • CVE-2022-35803
    high
  • CVE-2022-30200
    high
  • CVE-2022-34730
    high
  • CVE-2022-34729
    high
  • CVE-2022-38006
    high
  • CVE-2022-38005
    high
  • CVE-2022-35831
    high
  • CVE-2022-37959
    high
  • CVE-2022-34725
    high
  • CVE-2022-37956
    high
  • CVE-2022-34733
    high
  • CVE-2022-35836
    high
  • CVE-2022-35833
    high
  • CVE-2022-35832
    high
  • CVE-2022-37958
    high
  • CVE-2022-35835
    high
  • CVE-2022-33679
    high
  • CVE-2022-34734
    high
  • CVE-2022-34728
    high
  • CVE-2022-34720
    high
  • CVE-2022-34719
    high
  • CVE-2022-34722
    critical
  • CVE-2022-35837
    high
  • CVE-2022-35834
    high
  • CVE-2022-37964
    high

KB list

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com

Found an inaccuracy in the description of this vulnerability? Let us know!
Kaspersky Next
Let’s go Next: redefine your business’s cybersecurity
Learn more
New Kaspersky!
Your digital life deserves complete protection!
Learn more
Confirm changes?
Your message has been sent successfully.