CVE-2018-0757 — Improper Initialization in Corporation Windows

CWE-665 — Improper Initialization7 documents4 sources

Severity

4.7MEDIUMNVD

EPSS

1.8%

top 17.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Windows Microsoft Windows 10 Microsoft Windows Server +16 more

Timeline

PublishedFeb 15

Latest updateMay 13

Description

The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0810.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.0 | Impact: 3.6

Affected Packages18 packages

▶msrcmsrc/windows_server_version_1709

▶msrcmsrc/windows_server_2008

▶msrcmsrc/windows_server_2012

▶msrcmsrc/windows_server_2016

▶msrcmsrc/windows_server_2008_r2

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-rrpg-4874-9gj3: The Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2, and Windows Server 2012 allows an information disclosure vulnerability due to the↗2022-05-13

▶

GHSA

GHSA-xw4w-2423-hr2m: The Windows kernel in Windows 7 SP1, Windows 8↗2022-05-13

▶

📋Vendor Advisories

Microsoft

Windows Kernel Information Disclosure Vulnerability↗2018-02-13

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - February 2018↗2018-02-13

▶

Talos

Microsoft Patch Tuesday - February 2018↗2018-02-13

▶