Описание
Windows Kernel Information Disclosure Vulnerability
FAQ
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.
Why does this CVE indicate that the vulnerability has been publicly disclosed?
This underlying vulnerability is due to an issue in the microarchitecture of certain ARM-based cores. Microsoft issued this CVE to document the Windows updates that address this underlying problem. This update mitigates against this vulnerability.
For more information on this public disclosure, please see: Prefetcher Side Channels: Armv8 Security Bulletin.
What type of information could be disclosed by this vulnerability?
An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server.
According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Windows 11 Version 22H2 for ARM64-based Systems | ||
| Windows 11 Version 23H2 for ARM64-based Systems |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
5.9 Medium
CVSS3
Связанные уязвимости
Windows Kernel Information Disclosure Vulnerability
Уязвимость операционных систем Windows, связанная с оптимизацией процессора, удалением или модификацией критичного для безопасности кода, позволяющая нарушителю раскрыть защищаемую информацию
EPSS
5.9 Medium
CVSS3