Zero-Day Advisory

Fortinet Discovers Microsoft Windows Kernel Integer Overflow Vulnerability


Fortinet's FortiGuard Labs has discovered an integer overflow vulnerability within the Ntoskrnl component of Microsoft Windows.
Ntoskrnl (short for Windows NT operating system kernel) provides the kernel and executive layers of the Windows NT kernel space and is responsible for various system services such as hardware virtualization and process and memory management, making it a fundamental part of the system.
The integer overflow vulnerability can be triggered by loading malicious registry hive files. Successful exploitation of this issue could lead to local privilege elevation.


Users should apply the solution provided by Microsoft.

Additional Information

The following products are affected by this vulnerability:

Windows Vista

Windows 7

Windows 8.1

Windows RT 8.1

Windows 10

Windows Server 2008

Windows Server 2008 R2

Windows Server 2012

Windows Server 2012 R2


This vulnerability was discovered by Honggang Ren of Fortinet's FortiGuard Labs.

IPS Subscription

Fortinet customers who subscribe to Fortinet's intrusion prevention (IPS) service should be protected against this vulnerability with the appropriate configuration parameters in place. Fortinet's IPS service is one component of FortiGuard Subscription Services, which also offer comprehensive solutions such as antivirus, Web content filtering and antispam capabilities. These services enable protection against threats on both application and network layers. FortiGuard Services are continuously updated by FortiGuard Labs, which enables Fortinet to deliver a combination of multi-layered security intelligence and true zero-day protection from new and emerging threats. These updates are delivered to all FortiGate, FortiMail and FortiClient products. Fortinet strictly follows responsible disclosure guidelines to ensure optimum protection during a threat's lifecycle.