Kaspersky Threats

Дата обнаружения

11/10/2022

Уровень угрозы

Critical

Описание

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to gain privileges, spoof user interface, obtain sensitive information, bypass security restrictions, execute arbitrary code, cause denial of service.

Below is a complete list of vulnerabilities:

An elevation of privilege vulnerability in Windows COM+ Event System Service can be exploited remotely to gain privileges.
An elevation of privilege vulnerability in Windows ALPC can be exploited remotely to gain privileges.
An elevation of privilege vulnerability in Windows Group Policy Preference Client can be exploited remotely to gain privileges.
A spoofing vulnerability in Windows CryptoAPI can be exploited remotely to spoof user interface.
An information disclosure vulnerability in Windows Graphics Component can be exploited remotely to obtain sensitive information.
An elevation of privilege vulnerability in Windows Group Policy can be exploited remotely to gain privileges.
A security feature bypass vulnerability in Windows Portable Device Enumerator Service can be exploited remotely to bypass security restrictions.
An elevation of privilege vulnerability in Windows Graphics Component can be exploited remotely to gain privileges.
An elevation of privilege vulnerability in Active Directory Certificate Services can be exploited remotely to gain privileges.
An elevation of privilege vulnerability in Active Directory Domain Services can be exploited remotely to gain privileges.
A remote code execution vulnerability in Windows Point-to-Point Tunneling Protocol can be exploited remotely to execute arbitrary code.
A remote code execution vulnerability in Windows CD-ROM File System Driver can be exploited remotely to execute arbitrary code.
A denial of service vulnerability in Windows Event Logging Service can be exploited remotely to cause denial of service.
A remote code execution vulnerability in Microsoft ODBC Driver can be exploited remotely to execute arbitrary code.
An elevation of privilege vulnerability in Windows Kernel can be exploited remotely to gain privileges.
A remote code execution vulnerability in Microsoft WDAC OLE DB provider for SQL Server can be exploited remotely to execute arbitrary code.
A remote code execution vulnerability in Windows GDI+ can be exploited remotely to execute arbitrary code.
An information disclosure vulnerability in Windows Security Support Provider Interface can be exploited remotely to obtain sensitive information.
An information disclosure vulnerability in Windows DHCP Client can be exploited remotely to obtain sensitive information.
A denial of service vulnerability in Windows Secure Channel can be exploited remotely to cause denial of service.
A denial of service vulnerability in Windows TCP/IP Driver can be exploited remotely to cause denial of service.
An elevation of privilege vulnerability in Windows Workstation Service can be exploited remotely to gain privileges.
A denial of service vulnerability in Local Security Authority Subsystem Service (LSASS) can be exploited remotely to cause denial of service.
An information disclosure vulnerability in Windows Server Remotely Accessible Registry Keys can be exploited remotely to obtain sensitive information.
An elevation of privilege vulnerability in Windows Win32k can be exploited remotely to gain privileges.
An elevation of privilege vulnerability in Windows Client Server Run-time Subsystem (CSRSS) can be exploited remotely to gain privileges.
A spoofing vulnerability in Windows NTLM can be exploited remotely to spoof user interface.
A security feature bypass vulnerability in Windows Active Directory Certificate Services can be exploited remotely to bypass security restrictions.

Эксплуатация

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Пораженные продукты

Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения

CVE-2022-41033
CVE-2022-38029
CVE-2022-37994
CVE-2022-34689
CVE-2022-37985
CVE-2022-37975
CVE-2022-37999
CVE-2022-38032
CVE-2022-38051
CVE-2022-37976
CVE-2022-38042
CVE-2022-38047
CVE-2022-38044
CVE-2022-37981
CVE-2022-24504
CVE-2022-38040
CVE-2022-33634
CVE-2022-37990
CVE-2022-37982
CVE-2022-37997
CVE-2022-33635
CVE-2022-22035
CVE-2022-38038
CVE-2022-38043
CVE-2022-37988
CVE-2022-37991
CVE-2022-37993
CVE-2022-38026
CVE-2022-38041
CVE-2022-30198
CVE-2022-33645
CVE-2022-38034
CVE-2022-37977
CVE-2022-38033
CVE-2022-38022
CVE-2022-37986
CVE-2022-38037
CVE-2022-41081
CVE-2022-37987
CVE-2022-38031
CVE-2022-38000
CVE-2022-35770
CVE-2022-37989
CVE-2022-37978

Оказываемое влияние

?

ACE

[?]

OSI

[?]

DoS

[?]

SB

[?]

PE

[?]

SUI

[?]

Связанные продукты

Microsoft Windows
Microsoft Windows Server
Microsoft Windows 7
Microsoft Windows Server 2008

CVE-IDS

KB list

5016622
5016686
5016669
5016679
5016676
5018446
5018479
5018450
5018454

KLA20001Multiple vulnerabilities in Microsoft Products (ESU)

KLA20001
Multiple vulnerabilities in Microsoft Products (ESU)