CVE-2020-16938Improper Initialization in Microsoft Windows 10 Version 2004

CWE-665Improper Initialization4 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
10.6%
top 6.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Microsoft Windows 10 Version 2004Microsoft Windows Server Version 2004Microsoft Windows 10+5 more
Timeline
PublishedOct 16
Latest updateMay 24

Description

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages8 packages

CVEListV5microsoft/windows_10_version_200410.0.0publication
CVEListV5microsoft/windows_server_version_200410.0.0publication

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-xp39-whpp-93gx: An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory2022-05-24
GHSA
GHSA-pr2j-c9wc-9h25: An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosur2022-05-24

📋Vendor Advisories

1
Microsoft
Windows Kernel Information Disclosure Vulnerability2020-10-13
CVE-2020-16938 — Improper Initialization in Microsoft | cvebase