This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the win32k.sys driver. During creation of a palette object, a race condition exists due to the failure to lock an object in memory between operations. An attacker can leverage this vulnerability to disclose sensitive information under the context of the kernel.