CVE-2017-0050Corporation Windows Kernel vulnerability

10 documents5 sources
Severity
7.8HIGHNVD
EPSS
3.7%
top 12.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
17
Microsoft Corporation Windows KernelMicrosoft Windows 10Microsoft Windows Server 2008+14 more
Timeline
PublishedMar 17
Latest updateMay 13

Description

The kernel API in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7; Windows 8; Windows 10 Gold, 1511, and 1607; Windows RT 8.1; Windows Server 2012 Gold and R2; and Windows Server 2016 does not properly enforce permissions, which allows local users to spoof processes, spoof inter-process communication, or cause a denial of service via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages16 packages

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

1
GHSA
GHSA-94wj-v7x5-qwc8: The kernel API in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7; Windows 8; Windows 10 Gold, 1511, and 1607; Windows RT 82022-05-13

📋Vendor Advisories

1
Microsoft
Windows Elevation of Privilege Vulnerability2017-03-14

🕵️Threat Intelligence

7
Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins2017-03-15
Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins2017-03-15
Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins2017-03-15
Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins2017-03-15
Trendmicro
March 2017 Patch Tuesday: 18 Security Bulletins2017-03-15
CVE-2017-0050 — HIGH severity | cvebase