CVE-2018-0810 — Improper Initialization in Corporation Windows

CWE-665 — Improper Initialization7 documents4 sources

Severity

4.7MEDIUMNVD

EPSS

2.1%

top 15.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Windows Microsoft Windows 10 Microsoft Windows Server +10 more

Timeline

PublishedFeb 15

Latest updateMay 13

Description

The Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2, and Windows Server 2012 allows an information disclosure vulnerability due to the way memory is initialized, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0757.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.0 | Impact: 3.6

Affected Packages12 packages

▶msrcmsrc/windows_server_2012

▶msrcmsrc/windows_server_2008_for_32-bit_systems_service_pack_2

▶msrcmsrc/windows_server_2008_for_x64-based_systems_service_pack_2

▶msrcmsrc/windows_server_2008_r2_for_x64-based_systems_service_pack_1

▶msrcmsrc/windows_server_2008_for_itanium-based_systems_service_pack_2

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-rrpg-4874-9gj3: The Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2, and Windows Server 2012 allows an information disclosure vulnerability due to the↗2022-05-13

▶

GHSA

GHSA-xw4w-2423-hr2m: The Windows kernel in Windows 7 SP1, Windows 8↗2022-05-13

▶

📋Vendor Advisories

Microsoft

Windows Kernel Information Disclosure Vulnerability↗2018-02-13

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - February 2018↗2018-02-13

▶

Talos

Microsoft Patch Tuesday - February 2018↗2018-02-13

▶