Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2018-0746: Windows Kernel Information Disclosure Vulnerability

Free InsightVM Trial No Credit Card Necessary
Watch Demo See how it all works
Back to Search

Microsoft CVE-2018-0746: Windows Kernel Information Disclosure Vulnerability

Severity
2
CVSS
(AV:L/AC:M/Au:N/C:P/I:N/A:N)
Published
01/03/2018
Created
07/25/2018
Added
01/04/2018
Modified
11/18/2021

Description

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses.

Solution(s)

  • msft-kb4056888-664639c3-95e4-4deb-8b34-0d599c0a582b
  • msft-kb4056888-c0708f93-30a8-47ad-9892-f807c6f83014
  • msft-kb4056890-92aedd4d-0cea-4906-8353-0a8dea97f44c
  • msft-kb4056890-b90c6608-1562-42b3-a665-18a5bfce7a22
  • msft-kb4056890-e149510e-1e4a-4263-8eea-d09548b516a6
  • msft-kb4056891-64a4a722-8ee1-4315-8977-b970916497a7
  • msft-kb4056891-74b9cfdd-c2b4-4094-a7ac-49dafeacb837
  • msft-kb4056892-3ad66183-2a80-4552-892b-c80c34461704
  • msft-kb4056892-f5928a6a-8aba-4be4-8a38-07688e23afc5
  • msft-kb4056892-ff4a4508-e334-4006-bdde-c87f2a4f32eb
  • msft-kb4056893-006fa0ad-ba96-48b9-9d76-ba3746a04127
  • msft-kb4056893-421eb4c2-e9fc-4207-b853-e9737bfe0c6b
  • msft-kb4056898-0d3e73e9-7aee-45b1-bddd-ce6148027c5c
  • msft-kb4056898-29159163-0da5-456d-92a5-9bd853a401ae
  • msft-kb4056898-e49bf5fe-3b30-4481-a05f-7430b7781056
  • msft-kb4056899-022a0fde-5645-4e2f-bcd8-76afad8c885f
  • msft-kb4056899-36017692-111d-4d1a-89b1-c84d62e29bdb
  • msft-kb4056899-b32ad9e9-eb8a-43dc-b203-c281a3dbe29a

References

View more

insightVM

Advanced vulnerability management analytics and reporting.
Key Features
Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;