CVE-2016-0090 — Sensitive Information Exposure in Microsoft Windows Server 2012

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

7.1HIGHNVD

EPSS

0.7%

top 27.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Server 2012 Msrc Windows 10 FOR X64-based Systems Msrc Windows 8.1 FOR X64-based Systems +2 more

Timeline

PublishedApr 12

Latest updateMay 14

Description

Hyper-V in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows 10 allows guest OS users to obtain sensitive information from host OS memory via a crafted application, aka "Hyper-V Information Disclosure Vulnerability."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:NExploitability: 2.5 | Impact: 4.0

Affected Packages5 packages

▶msrcmsrc/windows_server_2012

▶msrcmsrc/windows_server_2012_r2

▶NVDmicrosoft/windowsr2

▶msrcmsrc/windows_10_for_x64-based_systems

▶msrcmsrc/windows_8.1_for_x64-based_systems

🔴Vulnerability Details

GHSA

GHSA-79w7-c8r5-c5pm: Hyper-V in Microsoft Windows 8↗2022-05-14

▶

📋Vendor Advisories

Microsoft

Windows Hyper-V Information Disclosure Vulnerability↗2016-04-12

▶