CVE-2017-0058

moderate-risk

Published 2017-04-12

A Win32k information disclosure vulnerability exists in Microsoft Windows when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, aka "Win32k Information Disclosure Vulnerability."

Do I need to act?

16.5% chance of exploitation in next 30 days

EPSS score — higher than 84% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

41879

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.7/10 Medium

LOCAL / HIGH complexity

Affected Products (13)

Windows 10

Windows 7

Windows Server 2008

Windows Server 2012

Windows Server 2016

Windows 10

Windows 8.1

Windows Rt 8.1

Windows Server 2008

Windows Server 2012

Windows Vista

Affected Vendors

Microsoft

References (8)

Third Party Advisory http://www.securityfocus.com/bid/97462

http://www.securitytracker.com/id/1038239

Patch https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0058

https://www.exploit-db.com/exploits/41879/

Third Party Advisory http://www.securityfocus.com/bid/97462

http://www.securitytracker.com/id/1038239

Patch https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0058

https://www.exploit-db.com/exploits/41879/

/ 100

moderate-risk

Severity 12/34 · Low

Exploitability 20/34 · Moderate

Exposure 17/34 · Moderate