Microsoft Windows Kernel Information Disclosure Vulnerability

Summary

An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka ‘Windows Kernel Information Disclosure Vulnerability’.

Credit:

The information has been provided by Andrei Vlad Lutas & Dan Lutas

The original article can be found at:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1125

 


Details

An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries.

To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information that could be used to try to compromise the affected system further.

Vulnerable Systems:

Microsoft Windows Server 2019
Microsoft Windows Server 2016
Microsoft Windows Server 2012
Microsoft Windows Server 2008 R2
Microsoft Windows Server 1903
Microsoft Windows Server 1803
Microsoft Windows Server 1709
Microsoft Windows RT 8.1
Microsoft Windows 8.1
Microsoft Windows 7
Microsoft Windows 10

CVE Information:

CVE-2019-1125

Disclosure Timeline:
Published Date:09/10/2019