Kaspersky Threats

Detect date

?

09/12/2023

Severity

?

Critical

Description

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, obtain sensitive information, bypass security restrictions, execute arbitrary code.

Below is a complete list of vulnerabilities:

A denial of service vulnerability in DHCP Server Service can be exploited remotely to cause denial of service.
An elevation of privilege vulnerability in Windows Cloud Files Mini Filter Driver can be exploited remotely to gain privileges.
An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
An elevation of privilege vulnerability in Microsoft Streaming Service Proxy can be exploited remotely to gain privileges.
An elevation of privilege vulnerability in Windows GDI can be exploited remotely to gain privileges.
An information disclosure vulnerability in Windows TCP/IP can be exploited remotely to obtain sensitive information.
An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely to gain privileges.
An information disclosure vulnerability in DHCP Server Service can be exploited remotely to obtain sensitive information.
A denial of service vulnerability in Windows TCP/IP can be exploited remotely to cause denial of service.
An information disclosure vulnerability in Windows Kernel can be exploited remotely to obtain sensitive information.
A security feature bypass vulnerability in Windows MSHTML Platform can be exploited remotely to bypass security restrictions.
A remote code execution vulnerability in Windows Miracast Wireless Display can be exploited remotely to execute arbitrary code.
A remote code execution vulnerability in Internet Connection Sharing (ICS) can be exploited remotely to execute arbitrary code.
A remote code execution vulnerability in Windows Themes can be exploited remotely to execute arbitrary code.

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Affected products

Windows Server 2019
Windows 10 Version 21H2 for x64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows 10 Version 1607 for x64-based Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows Server 2016 (Server Core installation)
Windows 10 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows Server 2019 (Server Core installation)
Windows Server 2012 (Server Core installation)
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows Server 2022 (Server Core installation)
Windows 10 Version 22H2 for x64-based Systems
Windows Server 2022
Windows 10 for 32-bit Systems
Windows Server 2012
Windows 11 Version 22H2 for x64-based Systems
Windows Server 2016
Windows 10 Version 1607 for 32-bit Systems

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2023-38162
CVE-2023-35355
CVE-2023-38141
CVE-2023-36802
CVE-2023-36804
CVE-2023-38160
CVE-2023-38143
CVE-2023-38144
CVE-2023-38150
CVE-2023-38152
CVE-2023-38142
CVE-2023-38149
CVE-2023-36803
CVE-2023-36805
CVE-2023-38140
CVE-2023-38147
CVE-2023-36801
CVE-2023-38148
CVE-2023-38146
CVE-2023-38161
CVE-2023-38139

Impacts

?

ACE

[?]

OSI

[?]

DoS

[?]

SB

[?]

PE

[?]

Related products

Microsoft Windows
Microsoft Windows Server
Microsoft Windows Server 2012
Microsoft Windows 10
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Microsoft Windows 11

CVE-IDS

?

KB list

5030287
5030214
5030325
5030213
5030211
5030217
5030219
5030209
5030269
5030279
5030278
5030216
5030220

Microsoft official advisories

Microsoft Security Update Guide

Find out the statistics of the vulnerabilities spreading in your region

Detect date ?	09/12/2023
Severity ?	Critical
Description	Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, obtain sensitive information, bypass security restrictions, execute arbitrary code. Below is a complete list of vulnerabilities: A denial of service vulnerability in DHCP Server Service can be exploited remotely to cause denial of service. An elevation of privilege vulnerability in Windows Cloud Files Mini Filter Driver can be exploited remotely to gain privileges. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges. An elevation of privilege vulnerability in Microsoft Streaming Service Proxy can be exploited remotely to gain privileges. An elevation of privilege vulnerability in Windows GDI can be exploited remotely to gain privileges. An information disclosure vulnerability in Windows TCP/IP can be exploited remotely to obtain sensitive information. An elevation of privilege vulnerability in Windows Common Log File System Driver can be exploited remotely to gain privileges. An information disclosure vulnerability in DHCP Server Service can be exploited remotely to obtain sensitive information. A denial of service vulnerability in Windows TCP/IP can be exploited remotely to cause denial of service. An information disclosure vulnerability in Windows Kernel can be exploited remotely to obtain sensitive information. A security feature bypass vulnerability in Windows MSHTML Platform can be exploited remotely to bypass security restrictions. A remote code execution vulnerability in Windows Miracast Wireless Display can be exploited remotely to execute arbitrary code. A remote code execution vulnerability in Internet Connection Sharing (ICS) can be exploited remotely to execute arbitrary code. A remote code execution vulnerability in Windows Themes can be exploited remotely to execute arbitrary code.
Exploitation	Public exploits exist for this vulnerability. Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Affected products	Windows Server 2019 Windows 10 Version 21H2 for x64-based Systems Windows 11 version 21H2 for x64-based Systems Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 22H2 for ARM64-based Systems Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows 10 Version 1607 for x64-based Systems Windows 11 version 21H2 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows Server 2016 (Server Core installation) Windows 10 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 11 Version 22H2 for ARM64-based Systems Windows Server 2019 (Server Core installation) Windows Server 2012 (Server Core installation) Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 21H2 for 32-bit Systems Windows 10 Version 21H2 for ARM64-based Systems Windows Server 2022 (Server Core installation) Windows 10 Version 22H2 for x64-based Systems Windows Server 2022 Windows 10 for 32-bit Systems Windows Server 2012 Windows 11 Version 22H2 for x64-based Systems Windows Server 2016 Windows 10 Version 1607 for 32-bit Systems
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2023-38162 CVE-2023-35355 CVE-2023-38141 CVE-2023-36802 CVE-2023-36804 CVE-2023-38160 CVE-2023-38143 CVE-2023-38144 CVE-2023-38150 CVE-2023-38152 CVE-2023-38142 CVE-2023-38149 CVE-2023-36803 CVE-2023-36805 CVE-2023-38140 CVE-2023-38147 CVE-2023-36801 CVE-2023-38148 CVE-2023-38146 CVE-2023-38161 CVE-2023-38139
Impacts ?	ACE [?] OSI [?] DoS [?] SB [?] PE [?]
Related products	Microsoft Windows Microsoft Windows Server Microsoft Windows Server 2012 Microsoft Windows 10 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows 11
CVE-IDS ?	CVE-2023-381495.0Warning CVE-2023-381415.0Warning CVE-2023-368015.0Warning CVE-2023-368045.0Warning CVE-2023-381605.0Warning CVE-2023-381435.0Warning CVE-2023-381445.0Warning CVE-2023-381525.0Warning CVE-2023-381615.0Warning CVE-2023-381425.0Warning CVE-2023-381395.0Warning CVE-2023-381625.0Warning CVE-2023-353555.0Warning CVE-2023-368025.0Warning CVE-2023-381505.0Warning CVE-2023-368035.0Warning CVE-2023-368055.0Warning CVE-2023-381405.0Warning CVE-2023-381475.0Warning CVE-2023-381485.0Warning CVE-2023-381465.0Warning
KB list	5030287 5030214 5030325 5030213 5030211 5030217 5030219 5030209 5030269 5030279 5030278 5030216 5030220
Microsoft official advisories	Microsoft Security Update Guide
	Find out the statistics of the vulnerabilities spreading in your region

KLA60566Multiple vulnerabilities in Microsoft Windows

KLA60566
Multiple vulnerabilities in Microsoft Windows