Description

<p>An information disclosure vulnerability exists when the Windows KernelStream improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p> <p>To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.</p> <p>The update addresses the vulnerability by correcting how the Windows KernelStream handles objects in memory.</p>

Related CPE's

o

microsoft

windows_10

8

o

microsoft

windows_7

sp1

Vulnerable

o

microsoft

windows_8.1

-

Vulnerable

o

microsoft

windows_rt_8.1

-

Vulnerable

o

microsoft

windows_server_2008

2

o

microsoft

windows_server_2012

2

o

microsoft

windows_server_2016

4

o

microsoft

windows_server_2019

-

Vulnerable

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16889

PatchVendor Advisory

Weaknesses

[email protected]

Primary
NVD-CWE-noinfo

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.5 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2020-10-16T23:15:12.930

4 years ago

Last modified

2023-12-31T20:15:47.423

1 year ago