Kaspersky ID:
KLA65126
Detect Date:
03/12/2024
Updated:
12/01/2024

Description

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, gain privileges, obtain sensitive information, bypass security restrictions, spoof user interface.

Below is a complete list of vulnerabilities:

  1. A denial of service vulnerability in Microsoft AllJoyn API can be exploited remotely to cause denial of service.
  2. A remote code execution vulnerability in Microsoft WDAC OLE DB provider for SQL Server can be exploited remotely to execute arbitrary code.
  3. A remote code execution vulnerability in Microsoft ODBC Driver can be exploited remotely to execute arbitrary code.
  4. An elevation of privilege vulnerability in NTFS can be exploited remotely to gain privileges.
  5. An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
  6. An elevation of privilege vulnerability in Windows Print Spooler can be exploited remotely to gain privileges.
  7. An elevation of privilege vulnerability in Windows Composite Image File System (CimFS) can be exploited remotely to gain privileges.
  8. An elevation of privilege vulnerability in Windows Update Stack can be exploited remotely to gain privileges.
  9. An information disclosure vulnerability in Windows Cloud Files Mini Filter Driver can be exploited remotely to obtain sensitive information.
  10. An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely to gain privileges.
  11. A denial of service vulnerability in Windows Hyper-V can be exploited remotely to cause denial of service.
  12. A remote code execution vulnerability in Windows Hyper-V can be exploited remotely to execute arbitrary code.
  13. A remote code execution vulnerability in Windows USB Attached SCSI (UAS) Protocol can be exploited remotely to execute arbitrary code.
  14. An elevation of privilege vulnerability in Windows Error Reporting Service can be exploited remotely to gain privileges.
  15. A denial of service vulnerability in Windows Kernel can be exploited remotely to cause denial of service.
  16. An information disclosure vulnerability in RFDS can be exploited remotely to obtain sensitive information.
  17. An elevation of privilege vulnerability in Windows USB Print Driver can be exploited remotely to gain privileges.
  18. An elevation of privilege vulnerability in Windows Telephony Server can be exploited remotely to gain privileges.
  19. A denial of service vulnerability in Windows Standards-Based Storage Management Service can be exploited remotely to cause denial of service.
  20. An elevation of privilege vulnerability in Microsoft Windows SCSI Class System File can be exploited remotely to gain privileges.
  21. An information disclosure vulnerability in Windows Kernel can be exploited remotely to obtain sensitive information.
  22. A security feature bypass vulnerability in Hypervisor-Protected Code Integrity (HVCI) can be exploited remotely to bypass security restrictions.
  23. A security feature bypass vulnerability in Windows Kerberos can be exploited remotely to bypass security restrictions.
  24. A remote code execution vulnerability in Windows USB Hub Driver can be exploited remotely to execute arbitrary code.
  25. A tampering vulnerability in Windows Compressed Folder can be exploited remotely to spoof user interface.
  26. An elevation of privilege vulnerability in Windows Installer can be exploited remotely to gain privileges.
  27. A denial of service vulnerability in Microsoft QUIC can be exploited remotely to cause denial of service.
  28. A remote code execution vulnerability in Windows OLE can be exploited remotely to execute arbitrary code.

Original advisories

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

CVE list

  • CVE-2024-21439
    high
  • CVE-2024-26197
    high
  • CVE-2024-21441
    critical
  • CVE-2024-21450
    warning
  • CVE-2024-26161
    critical
  • CVE-2024-26162
    critical
  • CVE-2024-21446
    critical
  • CVE-2024-26166
    critical
  • CVE-2024-26159
    critical
  • CVE-2024-21440
    warning
  • CVE-2024-26177
    high
  • CVE-2024-21433
    high
  • CVE-2024-21444
    critical
  • CVE-2024-26176
    warning
  • CVE-2024-26173
    critical
  • CVE-2024-21432
    high
  • CVE-2024-21430
    high
  • CVE-2024-26174
    high
  • CVE-2024-21437
    critical
  • CVE-2024-21407
    critical
  • CVE-2024-21427
    critical
  • CVE-2024-21429
    high
  • CVE-2024-21451
    critical
  • CVE-2024-26169
    critical
  • CVE-2024-21436
    critical
  • CVE-2024-26181
    high
  • CVE-2023-28746
    warning
  • CVE-2024-26178
    critical
  • CVE-2024-21438
    critical
  • CVE-2024-21443
    high
  • CVE-2024-26182
    critical
  • CVE-2024-26170
    critical
  • CVE-2024-26160
    warning
  • CVE-2024-21408
    high
  • CVE-2024-21445
    high
  • CVE-2024-21434
    critical
  • CVE-2024-21442
    critical
  • CVE-2024-21431
    high
  • CVE-2024-26185
    high
  • CVE-2024-26190
    critical
  • CVE-2024-21435
    critical

KB list

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com

Found an inaccuracy in the description of this vulnerability? Let us know!
Kaspersky Next
Let’s go Next: redefine your business’s cybersecurity
Learn more
New Kaspersky!
Your digital life deserves complete protection!
Learn more
Confirm changes?
Your message has been sent successfully.