#VU17211 Memory leak in Sysinternals Sysmon
Published: January 25, 2019
Vulnerability identifier: #VU17211
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-401
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Sysinternals Sysmon
Sysinternals Sysmon
Software vendor:
Microsoft
Microsoft
Description
The vulnerability allows a remote attacker to cause DoS condition.
The weakness exists due to Sysmon's driver (SysmonDrv.sys) consumes new area in Nonpaged pool memory every time configuration reloads, but driver does not free old area in Nonpaged pool memory. A remote attacker can trigger memory leak and cause the service to crash.
The weakness exists due to Sysmon's driver (SysmonDrv.sys) consumes new area in Nonpaged pool memory every time configuration reloads, but driver does not free old area in Nonpaged pool memory. A remote attacker can trigger memory leak and cause the service to crash.
Remediation
Update to versions 8.04.