Microsoft: Virtual Secure Mode Information Disclosure Vulnerability
An information disclosure vulnerability exists when Windows Virtual Secure Mode improperly handles objects in memory. A locally authenticated attacker who successfully exploited this vulnerability could be able to read sensitive information on the target system. To exploit the vulnerability, an attacker could run a specially crafted application on the target system. Note that the information disclosure vulnerability by itself would not be sufficient for an attacker to compromise a system. However, an attacker could combine this vulnerability with additional vulnerabilities to further exploit the system. The security update addresses the vulnerability by correcting how Windows Virtual Secure Mode handles objects in memory.