Описание
Microsoft Windows Admin Center Information Disclosure Vulnerability
FAQ
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
This attack requires a admin user on the client to connect to a malicious server and then take specific actions which could result in information disclosure.
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
The attacker must have permissions to access the target domain environment to be able to exploit this vulnerability.
What type of information could be disclosed by this vulnerability?
An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Windows Server 2008 for 32-bit Systems Service Pack 2 | ||
| Windows Server 2008 for x64-based Systems Service Pack 2 | ||
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | ||
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
7.3 High
CVSS3
Связанные уязвимости
Microsoft Windows Admin Center Information Disclosure Vulnerability
Microsoft Windows Admin Center Information Disclosure Vulnerability
Уязвимость инструмента удаленного управления Admin Center операционных систем Windows, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании
EPSS
7.3 High
CVSS3