CVE-2019-1228Sensitive Information Exposure in Microsoft Windows 7

CWE-200Sensitive Information Exposure6 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
1.0%
top 22.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
13
Microsoft Windows 7Microsoft Windows 7 Service Pack 1Microsoft Windows Server 2008 R2 Service Pack 1+10 more
Timeline
PublishedAug 14
Latest updateMay 24

Description

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages13 packages

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-4mw3-66hq-5p8q: An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosur2022-05-24
GHSA
GHSA-q97c-cvcg-2fpv: An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosur2022-05-24

📋Vendor Advisories

1
Microsoft
Windows Kernel Information Disclosure Vulnerability2019-08-13

🕵️Threat Intelligence

2
Talos
Microsoft Patch Tuesday — Aug. 2019: Vulnerability disclosures and Snort coverage2019-08-13
Talos
Microsoft Patch Tuesday — Aug. 2019: Vulnerability disclosures and Snort coverage2019-08-13
CVE-2019-1228 — Sensitive Information Exposure | cvebase