Marcin Towalski of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.
Cisco Talos recently discovered an information disclosure vulnerability in the Windows 10 kernel. An attacker could exploit this vulnerability by tricking the victim into opening a specially crafted executable, causing an out-of-bounds read, which leads to the disclosure of sensitive information.
In accordance with our coordinated disclosure policy, Cisco Talos worked with Microsoft to ensure that these issues are resolved and that an update is available for affected customers.
Vulnerability detailsMicrosoft Windows 10 Kernel SetMapMode MM_HIENGLISH information disclosure vulnerability (TALOS-2020-1016/CVE-2020-0791)
An exploitable information disclosure vulnerability exists in the kernel of Microsoft Windows 10. A specially crafted executable can cause an out-of-bounds read, resulting in information disclosure. To trigger this vulnerability, the attacker needs to execute a specially crafted executable.
Read the complete vulnerability advisory here for additional information.
Versions testedTalos tested and confirmed that the kernel in Microsoft Windows 10 is affected by this bug.
CoverageThe following SNORTⓇ rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.
Snort Rules: 53257, 53258
Article Link: http://feedproxy.google.com/~r/feedburner/Talos/~3/fqXfmBjGe5A/vuln-spotlight-windows-10-kernel-information-disclosure.html