Privilege escalation

Windows kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Windows Kernel Elevation of Privilege...

KB4025342: Windows 10 Version 1703 July 2017 Cumulative Update

The remote Windows 10 version 1703 host is missing security update KB4025342. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the Windows Performance Monitor Console due to improper parsing of XML input that contains a reference to an...

The vulnerability of the Windows operating system’s kernel driver mode allows attackers to escalate their privileges.

The vulnerability of the Windows operating system’s kernel mode driver is related to improper data handling. Exploiting this vulnerability can allow an attacker, operating locally, to increase their privileges...

The vulnerability of the Windows operating system’s kernel allows a hacker to gain access to process control from a privileged context.

The vulnerability of the Windows operating system’s kernel is related to improper access to objects in memory. Exploiting this vulnerability can allow an attacker, operating locally, to gain control over processes from a privileged context...

The vulnerability of the Windows operating system’s kernel allows a hacker to execute code within the context of a privileged process.

The vulnerability of the Windows operating system’s kernel is related to improper data handling in the device’s memory. Exploiting this vulnerability allows a local attacker to execute code within the context of a privileged process...

Microsoft Windows Kernel 'Win32k.sys' Local Information Disclosure Vulnerability (CNVD-2017-12584)

Microsoft Windows is a series of operating systems released by Microsoft Corporation in the United States. kernel is one of the kernels. A local information disclosure vulnerability exists in the Microsoft Windows Kernel 'Win32k.sys', which arises from a program's failure to properly handle objec...

CVE-2017-8554

The kernel in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an authenticated attacker to obtain memory contents via a specially crafted application...

CVE-2017-8575

The kernel in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Microsoft Graphics Component Information Disclosure Vulnerability."...

Win32k information disclosure vulnerability: June 13, 2017

Win32k information disclosure vulnerability: June 13, 2017 Summary An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who...

June 13, 2017—KB4022719 (Monthly Rollup)

June 13, 2017—KB4022719 Monthly Rollup Improvements and fixes This security update includes improvements and fixes that were a part of update KB4019265 released May 16, 2017 and also resolves the following issues: Addressed issue where, after installing KB3164035, users cannot print enhanced...

June 13, 2017—KB4022718 (Security-only update)

June 13, 2017—KB4022718 Security-only update Improvements and fixes This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addressed issue where, after installing KB3164035, users cannot print enhanced metafil...

Windows Kernel stack memory disclosure in win32k!NtGdiMakeFontDir(CVE-2017-8477)

We have discovered that the win32k!NtGdiMakeFontDir system call discloses large portions of uninitialized kernel stack memory to user-mode clients. The attached proof of concept code which is specific to Windows 7 32-bit works by first filling a large portion of the kernel stack with a controlled...

Windows Kernel ATMFD.DLL out-of-bounds read due to malformed Name INDEX in the CFF table(CVE-2017-8483)

We have encountered a Windows kernel crash in the ATMFD.DLL OpenType driver while processing a corrupted OTF font file, see below: --- DRIVERPAGEFAULTBEYONDENDOFALLOCATION d6 N bytes of memory was allocated and more than N bytes are being referenced. This cannot be protected by try-except. When...

Windows Kernel pool memory disclosure in nt!NtNotifyChangeDirectoryFile(CVE-2017-0299)

We have discovered that the nt!NtNotifyChangeDirectoryFile system call discloses portions of uninitialized pool memory to user-mode clients, due to output structure alignment holes. On our test Windows 10 32-bit workstation, an example layout of the output buffer is as follows: --- cut ---...

Microsoft Windows Kernel - 'ATMFD.DLL' Out-of-Bounds Read due to Malformed Name INDEX in the CFF Table

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1213 We have encountered a Windows kernel crash in the ATMFD.DLL OpenType driver while processing a corrupted OTF font file, see below: --- DRIVERPAGEFAULTBEYONDENDOFALLOCATION d6 N bytes of memory was allocated and more than N byt...

Microsoft Windows Kernel - ATMFD.DLL Out-of-Bounds Read due to Malformed Name INDEX in the CFF Table

Microsoft Windows Kernel - ATMFD.DLL Out-of-Bounds Read due to Malformed Name INDEX in the CFF Table Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1213 We have encountered a Windows kernel crash in the ATMFD.DLL OpenType driver while processing a corrupted OTF font file, see...

CVE-2017-8553

An information disclosure vulnerability exists in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows Server 2016 when the Windows kernel improperly handles objects in memory, aka "GDI Information Disclosure Vulnerability"...

CVE-2017-8552

A kernel-mode driver in Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows 8 allows an elevation of privilege when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege...

CVE-2017-8480

The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka...

CVE-2017-8491

The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka...