CVE-2017-8554 — Sensitive Information Exposure in Corporation Microsof Windows

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

4.7MEDIUMNVD

EPSS

1.3%

top 20.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Microsof Windows Microsoft Windows 10 Microsoft Windows Server 2008 +13 more

Timeline

PublishedJun 29

Latest updateMay 17

Description

The kernel in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an authenticated attacker to obtain memory contents via a specially crafted application.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.0 | Impact: 3.6

Affected Packages15 packages

▶msrcmsrc/windows_server_2008

▶msrcmsrc/windows_server_2012

▶msrcmsrc/windows_server_2016

▶msrcmsrc/windows_server_2008_r2

▶msrcmsrc/windows_server_2012_r2

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-cgp6-x5pm-9pmp: The kernel in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8↗2022-05-17

▶

📋Vendor Advisories

Microsoft

Windows Kernel Information Disclosure Vulnerability↗2017-06-13

▶