CVE-2016-3232 — Sensitive Information Exposure in Microsoft Windows Server 2012

CWE-200 — Sensitive Information Exposure5 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

16.8%

top 5.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Server 2012 Msrc Windows Server 2012 Msrc Windows Server 2012 R2

Timeline

PublishedJun 16

Latest updateMay 14

Description

The Virtual PCI (VPCI) virtual service provider in Microsoft Windows Server 2012 Gold and R2 allows local users to obtain sensitive information from uninitialized memory locations via a crafted application, aka "Windows Virtual PCI Information Disclosure Vulnerability."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:NExploitability: 1.3 | Impact: 3.6

Affected Packages3 packages

▶msrcmsrc/windows_server_2012

▶msrcmsrc/windows_server_2012_r2

▶NVDmicrosoft/windowsr2

🔴Vulnerability Details

GHSA

GHSA-qfwr-x2hx-pm42: The Virtual PCI (VPCI) virtual service provider in Microsoft Windows Server 2012 Gold and R2 allows local users to obtain sensitive information from u↗2022-05-14

▶

📋Vendor Advisories

Microsoft

Windows Virtual PCI Information Disclosure Vulnerability↗2016-06-14

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - June 2016↗2016-06-14

▶

Talos

Microsoft Patch Tuesday - June 2016↗2016-06-14

▶