Описание
Windows Kernel Information Disclosure Vulnerability
An information disclosure vulnerability exists in Microsoft Windows when the Windows kernel fails to properly handle certain page fault system calls. An authenticated attacker who successfully exploited this vulnerability could disclose information from one process to another.
To exploit the vulnerability, an attacker would have to either log on locally to an affected system or convince a locally authenticated user to execute a specially crafted application.
The update addresses this vulnerability by correcting how the Windows kernel handles certain page fault system calls.
FAQ
I am running Windows Server 2012. Do I need to install the 3170377 and 3172727 updates in a particular order? No. The 3170377 and 3172727 updates both contain the same components and can be installed in any order. Installing one and then the other without a system restart in between is allowed; however, if you install the 3172727 update first and then restart the system, subsequent attempts to install the 3170377 update will display the message, “The update is not applicable to your computer." This is because the 3172727 update supersedes the 3170377 update by design.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Windows Server 2012 | ||
| Windows Server 2012 (Server Core installation) | ||
| Windows 8.1 for 32-bit systems | ||
| Windows 8.1 for x64-based systems | ||
| Windows Server 2012 R2 | ||
| Windows RT 8.1 | - | |
| Windows Server 2012 R2 (Server Core installation) | ||
| Windows 10 for 32-bit Systems | ||
| Windows 10 for x64-based Systems | ||
| Windows 10 Version 1511 for x64-based Systems |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
EPSS
3.1 Low
CVSS3
Связанные уязвимости
The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles page-fault system calls, which allows local users to obtain sensitive information from an arbitrary process via a crafted application, aka "Windows Kernel Information Disclosure Vulnerability."
The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles page-fault system calls, which allows local users to obtain sensitive information from an arbitrary process via a crafted application, aka "Windows Kernel Information Disclosure Vulnerability."
Уязвимость операционной системы Windows, позволяющая нарушителю получить конфиденциальную информацию
EPSS
3.1 Low
CVSS3