CVE-2017-8474

EUVD-2017-17424

15.06.2017, 01:29

The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 85%

Affected Products (NVD)

Vendor	Product	Version
microsoft	windows_7	-
microsoft	windows_8.1	*
microsoft	windows_server_2012	*
microsoft	windows_server_2016	*

𝑥

= Vulnerable software versions

Windows Releases

Platform

Version

Windows 10

(x64, x86)	KB4022727
1511 (x64, x86)	KB4022714
1607 (x64, x86)	KB4022715
1703 (x64, x86)	KB4022725

Windows 8.1

(x64, x86)

KB4022726

Windows RT 8.1

All

KB4022726

Windows Server 2012

Server Core	KB4022724
Standard	KB4022724

Windows Server 2012 R2

Server Core	KB4022726
Standard	KB4022726

Windows Server 2016

Server Core	KB4022715
Standard	KB4022715

Common Weakness Enumeration

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References

http://www.securityfocus.com/bid/98902

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8474

http://www.securityfocus.com/bid/98902

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8474