Description
A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to cause a target system to stop responding. The update addresses the vulnerability by correcting how Windows handles objects in memory.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
None
Availability
High
E
Physical
RL
O
RC
Changed
Affected products
- Microsoft / Windows 101703 – 1703
- Microsoft / Windows 101709 – 1709
- Microsoft / Windows 101903 – 1903
- Microsoft / windows_10_1507
- Microsoft / windows_10_1507
- Microsoft / windows_10_1607
- Microsoft / windows_10_1607
- Microsoft / windows_10_1803
- Microsoft / windows_10_1803
- Microsoft / windows_10_1809
- Microsoft / windows_10_1809
- Microsoft / windows_10_1809
- Microsoft / Windows 7
- Microsoft / Windows 7
- Microsoft / Windows 8.1
- Microsoft / Windows 8.1
- Microsoft / windows_rt_8.1
- Microsoft / windows_server_1803
- Microsoft / windows_server_1903
- Microsoft / windows_server_2008
- Microsoft / windows_server_2008_R2
- Microsoft / windows_server_2008_R2
- Microsoft / windows_server_2008_sp2
- Microsoft / windows_server_2008_sp2
- Microsoft / Windows Server 2012
- Microsoft / Windows Server 2012 R2
- Microsoft / Windows Server 2016
- Microsoft / Windows Server 2019