Endpoint Vulnerability

Windows Performance Monitor Information Disclosure Vulnerability

Description

An information disclosure vulnerability exists in the Windows Performance Monitor Console when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration.

Affected Products

Windows 10,Windows 7,Windows 8,Windows Server 2008,Windows Server 2012,Windows Server 2016

References

CVE-2017-0170,