Endpoint Vulnerability

Microsoft: Virtual Secure Mode Information Disclosure Vulnerability

Description

An information disclosure vulnerability exists when Windows Virtual Secure Mode improperly handles objects in memory. A locally authenticated attacker who successfully exploited this vulnerability could be able to read sensitive information on the target system. To exploit the vulnerability, an attacker could run a specially crafted application on the target system. Note that the information disclosure vulnerability by itself would not be sufficient for an attacker to compromise a system. However, an attacker could combine this vulnerability with additional vulnerabilities to further exploit the system. The security update addresses the vulnerability by correcting how Windows Virtual Secure Mode handles objects in memory.

Affected Products

Windows 10

References

CVE-2016-7220,