Endpoint Vulnerability

Microsoft: Windows Virtual PCI Information Disclosure Vulnerability

Description

An information disclosure vulnerability exists when the Windows Virtual PCI (VPCI) virtual service provider (VSP) fails to properly handle uninitialized memory. An attacker who successfully exploited this vulnerability could potentially disclose contents of memory to which the attacker should not have access. To exploit the vulnerability, an attacker would first have to log on to the target system. An attacker could then run a specially crafted application that could exploit the vulnerability. The vulnerability would not allow an attacker to execute code or elevate user rights directly, but it could be used to obtain information that could be used to attempt to further compromise the affected system. The update addresses the vulnerability by correcting VPCI memory handling.

Affected Products

Windows Server 2012

References

CVE-2016-3232,