Intrusion PreventionMS.Windows.Kernel.CVE-2021-1656.Information.Disclosure
Description
This indicates an attack attempt to exploit an Information Disclosure Vulnerability in Microsoft Windows Driver.
The vulnerability is due to an error when the vulnerable software handles a maliciously crafted file. A remote attacker can exploit the vulnerability by executing a crafted file on the vulnerable system. Successful exploitation could result in information disclosure conditions.
Affected Products
Windows Server version 20H2 prior to KB4598242
Windows Server version 2004 prior to KB4598242
Windows Server version 1909 prior to KB4598229
Windows Server 2019 prior to KB4598230
Windows Server 2016 prior to KB4598243
Windows Server 2012 R2 prior to KB4598285
Windows Server 2012 prior to KB4598278
Windows Server 2008 R2 Systems Service Pack 1 prior to KB4598279
Windows RT 8.1 prior to KB4598285
Windows 8.1 prior to KB4598285
Windows 7 prior to KB4598279
Windows 10 prior to KB4598231
Windows 10 version 20H2 prior to KB4598242
Windows 10 version 2004 prior to KB4598242
Windows 10 version 1909 prior to KB4598229
Windows 10 version 1809 prior to KB4598230
Windows 10 version 1803 prior to KB4598245
Windows 10 version 1607 prior to KB4598243
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1656
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
| ID | 51997 |
| Created | Aug 15, 2022 |
| Updated | Aug 07, 2023 |
| Risk |
|
| CVE ID | CVE-2021-1656 |
| Exploit Prediction Score | 0.04% |
| Default Action | drop |
| Active | |
| Affected OS | Windows |
| Affected App | Other |