Information disclosure in Windows and Windows Server

#VU53096 Information disclosure in Windows and Windows Server

Published: 2021-05-11 | Updated: 2021-08-03

Vulnerability identifier: #VU53096

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-24587

CWE-ID: N/A

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Windows
Operating systems & Components / Operating system
Windows Server
Operating systems & Components / Operating system

Vendor: Microsoft

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in Windows Wireless Networking. A remote attacker on the local network can gain unauthorized access to sensitive information on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Windows: 10 - 10 2004, 7, 8.1 - 8.1 RT

Windows Server: 2008 - 2019 2004

CPE

cpe:2.3:o:microsoft:windows:10:1803:*:*:*:*:*:*

External links
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-24587

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

Latest bulletins with this vulnerability

Multiple vulnerabilities in Dell EMC Unisphere for PowerMax and Dell EMC Solutions Enabler

Multiple vulnerabilities in Mitsubishi Electric GT25-WLAN

Multiple vulnerabilities in Google Android

Multiple vulnerabilities in Hitachi ABB Power Grids TropOS

Multiple vulnerabilities in Qualcomm chipsets

Multiple vulnerabilities in Cisco Meraki products

Multiple vulnerabilities in Cisco Meraki MX67W, MX67CW, MX68W, MX68CW, Z3, Z3C

Multiple vulnerabilities in Cisco IP Conference Phone 8832

Multiple vulnerabilities in Cisco IP Phone 6861

Multiple vulnerabilities in Cisco IP Phone 8861 and 8865