Multiple information disclosure vulnerabilities in Windows kernel

Published: 2017-09-12 22:27:45
Severity Low
Patch available YES
Number of vulnerabilities 4
CVSSv2 1.6 (AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
1.6 (AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
1.6 (AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
1.6 (AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
CVSSv3 4.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
4.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
4.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
4.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE ID CVE-2017-8679
CVE-2017-8708
CVE-2017-8709
CVE-2017-8719
CWE ID CWE-200
Exploitation vector Local
Public exploit Not available
Vulnerable software Windows
Windows Server
Vulnerable software versions Windows 8.1
Windows 7
Windows 10
Windows RT 8.1
Windows Server 2012
Windows Server 2012 R2
Windows Server 2008
Windows Server 2008 R2
Windows Server 2016
Vendor URL Microsoft
Advisory type Public

Security Advisory

1) Information disclosure

Description

The vulnerability allows a local user to obtain potentially sensitive information.

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. A local user can gain access to potentially sensitive information.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8679

2) Information disclosure

Description

The vulnerability allows a local user to obtain potentially sensitive information.

An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, allowing an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. A local user can gain access to potentially sensitive information.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8708

3) Information disclosure

Description

The vulnerability allows a local user to obtain potentially sensitive information.

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. A local user can gain access to potentially sensitive information.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8709

4) Information disclosure

Description

The vulnerability allows a local user to obtain potentially sensitive information.

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. A local user can gain access to potentially sensitive information.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8719

Back to List