Lucene search

K
mskbMicrosoftKB4019204
HistoryMay 09, 2017 - 7:00 a.m.

Security update for the Windows win32k Information Disclosure Vulnerability in Windows Server 2008: May 9, 2017

2017-05-0907:00:00
Microsoft
support.microsoft.com
70

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

5.8

Confidence

High

EPSS

0.589

Percentile

97.8%

Security update for the Windows win32k Information Disclosure Vulnerability in Windows Server 2008: May 9, 2017

Summary

An information disclosure vulnerability exists when the win32k component incorrectly provides kernel information. An attacker who successfully exploits the vulnerability could obtain information to further compromise the user’s system.

To learn more about the vulnerability, go to the Security Update Guide.

More Information

Important

  • If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

How to obtain and install the update

Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Get security updates automatically.

Method 2: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

Deployment information

For deployment details for this security update, go to the following article in the Microsoft Knowledge Base:
Security update deployment information: May 9, 2017

More Information

__

How to obtain help and support for this security update

Help for installing updates: Windows Update FAQ

Security solutions for IT professionals: TechNet Security Support and Troubleshooting

Help for protecting your Windows-based computer from viruses and malware: Microsoft Secure

Local support according to your country: International Support

File Information

__

File hash information

File name SHA1 hash SHA256 hash
Windows6.0-KB4019204-x64.msu 6F7B323D9865D8B88CAEB3FC83A8BB74222AFC3F E44B48BD9F07FA10CC183931D35E89828681A49DF52049AE0D28002337FB87FA
Windows6.0-KB4019204-ia64.msu D16A080F7214A81D09FE1781685E84B0E55BBC71 30D201FE117DFE3924B9E5E4ECBCE2F0E3921E76DD69FFC889DB8F7B78076FC9
Windows6.0-KB4019204-x86.msu 8301605396E05D4B8E2EE38FCB3CD801AD019CCE 61ED3DBC6DCA600139F6CA77D784B4C8EED77BC6762A1CE209A92642DBE7D23B

File information
The English (United States) version of this software update installs files that have the attributes that are listed in the following tables.

Windows Server 2008 file information

Note: The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

__

For all supported x64-based versions

File name File version File size Date Time Platform
Win32k.sys 6.0.6002.19778 2,806,272 28-Apr-2017 01:59 x64
Win32k.sys 6.0.6002.24095 2,808,320 28-Apr-2017 02:45 x64

__

For all supported ia64-based versions

File name File version File size Date Time Platform
Win32k.sys 6.0.6002.19778 6,693,888 28-Apr-2017 01:45 IA-64
Win32k.sys 6.0.6002.24095 6,703,616 28-Apr-2017 02:21 IA-64

__

For all supported x86-based versions

File name File version File size Date Time Platform
Win32k.sys 6.0.6002.19778 2,074,112 28-Apr-2017 03:15 x86
Win32k.sys 6.0.6002.24095 2,082,304 28-Apr-2017 03:51 x86

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

5.8

Confidence

High

EPSS

0.589

Percentile

97.8%