header-logo
Suggest Exploit
vendor:
Windows
by:
Project Zero
5.5
CVSS
MEDIUM
Uninitialized Memory Disclosure
825
CWE
Product Name: Windows
Affected Version From: Windows 10
Affected Version To: Windows 10
Patch Exists: YES
Related CWE:
CPE: o:microsoft:windows
Metasploit:
Other Scripts:
Platforms Tested: Windows 10
Unknown

Disclosure of Uninitialized Pool Memory in nt!NtTraceControl System Call

The handler of the nt!NtTraceControl system call discloses portions of uninitialized pool memory to user-mode clients on Windows 10 systems. The uninitialized values are copied back to user-mode, which can potentially expose sensitive information.

Mitigation:

Apply the patch provided by the vendor.
Source

Exploit-DB raw data: