CVE-2017-8553 — Sensitive Information Exposure in Corporation Windows Kernel

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

4.7MEDIUMNVD

EPSS

2.6%

top 14.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

13

Microsoft Corporation Windows Kernel Microsoft Windows Server 2008 Microsoft Windows Server 2012 +10 more

Timeline

PublishedJun 15

Latest updateMay 14

Description

An information disclosure vulnerability exists in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows Server 2016 when the Windows kernel improperly handles objects in memory, aka "GDI Information Disclosure Vulnerability".

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.0 | Impact: 3.6

Affected Packages12 packages

▶msrcmsrc/windows_server_2012

▶msrcmsrc/windows_server_2016

▶msrcmsrc/windows_server_2012_r2

▶msrcmsrc/windows_server_2008_for_32-bit_systems_service_pack_2

▶msrcmsrc/windows_server_2008_for_x64-based_systems_service_pack_2

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

1

GHSA

GHSA-mvcc-9fpf-cmrm: An information disclosure vulnerability exists in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8↗2022-05-14

▶

📋Vendor Advisories

1

Microsoft

Windows Kernel Information Disclosure Vulnerability↗2017-06-13

▶

🕵️Threat Intelligence

1

Talos

Microsoft Patch Tuesday - June 2017↗2017-06-13

▶

CVE-2017-8553 — Sensitive Information Exposure | cvebase