Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2018-0970: Windows Kernel Information Disclosure Vulnerability

Free InsightVM Trial No Credit Card Necessary

Watch Demo See how it all works

Back to Search

Microsoft CVE-2018-0970: Windows Kernel Information Disclosure Vulnerability

Severity

CVSS

(AV:L/AC:L/Au:N/C:P/I:N/A:N)

Published

04/10/2018

Created

07/25/2018

Added

04/10/2018

Modified

11/18/2021

Description

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses.

Solution(s)

msft-kb4093107-08089676-57b7-4989-a27a-3759fa8d6293
msft-kb4093107-50d58037-2bcc-4a70-88ee-08807c15d7c1
msft-kb4093108-1d1cb9c6-7ef7-4e83-9f52-95e1d0ef54bb
msft-kb4093108-5ab9137e-af74-4e57-b0f1-705b81b17b16
msft-kb4093108-954a4dc7-6623-4156-95d1-ae1296052bf6
msft-kb4093108-c25445cd-6e70-42fb-965f-7650e629cc42
msft-kb4093108-ddf70c2c-fdf0-4bc4-832a-b4bdd9a9bd5a
msft-kb4093108-fdb39582-acbc-49a7-afc7-db964d5d5413
msft-kb4093109-98ac416f-e0b8-4ced-9de8-d229b75b4d7a
msft-kb4093109-a4bfa4a8-f44e-4592-86ec-e8d606a3834a
msft-kb4093111-8d8e864a-f255-490d-98b0-4a825a5cae59
msft-kb4093111-d5034640-e881-4563-bfe3-d0c3fc27fa1e
msft-kb4093112-7a639cb5-17a8-47d3-8879-3a2827b51b56
msft-kb4093112-7dd55f48-a1f3-4945-80c1-5ce237a6a28d
msft-kb4093112-936c76bd-d063-4f5c-82d9-7fb5dcbf720d
msft-kb4093115-33be9fcf-aef5-44fd-8164-e6b8baa88549
msft-kb4093115-3e702be9-b9bc-4b70-b160-817a26632ea1
msft-kb4093115-81e4444c-9216-4f74-a267-4d7c8c42f6f8
msft-kb4093119-6dff2995-bf8d-4ef1-81b1-c1bc64b59b80
msft-kb4093119-74292a2d-143e-450b-bdff-d56ac8c86c4f
msft-kb4093122-7b6c7ed3-bab7-4d73-ad38-cfcdaab846e5
msft-kb4093122-949531df-8de4-475b-86d2-fa067d821b05
msft-kb4093122-f154d39f-4ccb-4603-b95f-44fd13ba8824
msft-kb4093478-06191bbc-6673-4bf3-9b2d-ea430f579f09
msft-kb4093478-48fd4349-96e0-4e4e-9795-70f2b54bdce8
msft-kb4093478-edcc03d5-3fa4-46b2-93fa-12748220c1f8
msft-kb4093119-d00807b9-f15f-4e04-a1f3-b94cd2d3f66a

References

https://attackerkb.com/topics/cve-2018-0970
CVE - 2018-0970
4093107
4093108
4093109
4093111
4093112
4093114
4093115
4093118
4093119
4093122
4093123
4093478

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2018-0970: Windows Kernel Information Disclosure Vulnerability

Microsoft CVE-2018-0970: Windows Kernel Information Disclosure Vulnerability

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.