MS.Win32k.VCRUNTIME140.KASLR.Bypass.Information.Disclosure
Description
This indicates an attack attempt to exploit an Information Disclosure vulnerability in Microsoft Windows.
This vulnerability is due to an error when the affected application handles maliciously crafted file. A remote attacker may be able to exploit this to gain access to sensitive information, via a crafted file.
Affected Products
Windows Vista x64 Edition Service Pack 2
Windows 10 Version 1607 for 32-bit Systems
Windows Server 2016
Windows 10 Version 1703 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems
Windows RT 8.1
Windows 10 Version 1511 for 32-bit Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows 10 for x64-based Systems
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2016 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows 10 Version 1703 for 32-bit Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows 10 Version 1607 for x64-based Systems
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows Vista Service Pack 2
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0167
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2019-06-10 | 14.629 | Severity:high:medium |