CVE-2017-8474Sensitive Information Exposure in Corporation Microsoft Windows

CWE-200Sensitive Information Exposure40 documents4 sources
Severity
5.5MEDIUMNVD
NVD5.0
EPSS
2.8%
top 13.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
19
Microsoft Corporation Microsoft WindowsMicrosoft Windows 10Microsoft Windows 8.1+16 more
Timeline
PublishedJun 15
Latest updateMay 17

Description

The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:NExploitability: 1.3 | Impact: 3.6

Affected Packages18 packages

NVDmicrosoft/windows_101511, 1607, 1703+2

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

19
GHSA
GHSA-c255-fhwm-4cwm: The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 82022-05-17
GHSA
GHSA-9525-wqf7-w23h: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 82022-05-17
GHSA
GHSA-6qxm-5w27-9jp6: The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 82022-05-17
GHSA
GHSA-9ppx-ghhq-mvrf: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 82022-05-14
GHSA
GHSA-7mp5-wx3q-rvg3: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 82022-05-14

📋Vendor Advisories

1
Microsoft
Windows Kernel Information Disclosure Vulnerability2017-06-13

🕵️Threat Intelligence

1
Talos
Microsoft Patch Tuesday - June 20172017-06-13
CVE-2017-8474 — Sensitive Information Exposure | cvebase