Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-0832Sensitive Information Exposure in Corporation Windows

CWE-200Sensitive Information ExposureCWE-401Missing Release of Memory after Effective Lifetime10 documents5 sources
Severity
4.7MEDIUMNVD
EPSS
17.1%
top 5.00%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
21
Microsoft Corporation WindowsMicrosoft Windows 10Microsoft Windows Server 2008+18 more
Timeline
PublishedFeb 15
Latest updateMay 14

Description

The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how objects in memory are handled, aka "Windows Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0829 and CVE-2018-0830.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.0 | Impact: 3.6

Affected Packages19 packages

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

3
GHSA
GHSA-w33j-97gp-63h9: The Windows kernel in Windows 7 SP1, Windows 82022-05-14
GHSA
GHSA-qm78-j8w6-v47p: The Windows kernel in Windows 7 SP1, Windows 82022-05-14
GHSA
GHSA-xjf3-wcjc-6jq8: The Windows kernel in Windows 82022-05-13

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows Kernel - 'nt!RtlpCopyLegacyContextX86' Stack Memory Disclosure2018-02-20

📋Vendor Advisories

1
Microsoft
Windows Kernel Information Disclosure Vulnerability2018-02-13

🕵️Threat Intelligence

2
Talos
Microsoft Patch Tuesday - February 20182018-02-13
Talos
Microsoft Patch Tuesday - February 20182018-02-13
CVE-2018-0832 — Sensitive Information Exposure | cvebase