Tuesday, March 10, 2020

Vulnerability Spotlight: Information disclosure in Windows 10 Kernel


Marcin Towalski of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.

Cisco Talos recently discovered an information disclosure vulnerability in the Windows 10 kernel. An attacker could exploit this vulnerability by tricking the victim into opening a specially crafted executable, causing an out-of-bounds read, which leads to the disclosure of sensitive information.
Microsoft disclosed and patched this bug as part of their monthly security update Tuesday. For more on their updates, read the full blog here.

In accordance with our coordinated disclosure policy, Cisco Talos worked with Microsoft to ensure that these issues are resolved and that an update is available for affected customers.

Vulnerability details

Microsoft Windows 10 Kernel SetMapMode MM_HIENGLISH information disclosure vulnerability (TALOS-2020-1016/CVE-2020-0791)

An exploitable information disclosure vulnerability exists in the kernel of Microsoft Windows 10. A specially crafted executable can cause an out-of-bounds read, resulting in information disclosure. To trigger this vulnerability, the attacker needs to execute a specially crafted executable.

Read the complete vulnerability advisory here for additional information.

Versions tested

Talos tested and confirmed that the kernel in Microsoft Windows 10 is affected by this bug.

Coverage

The following SNORTⓇ rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Snort Rules: 53257, 53258

No comments:

Post a Comment