{"@odata.context":"https://api.msrc.microsoft.com/sug/v2.0/en-US/$metadata#vulnerability/$entity","id":"00000000-0000-0000-0000-0000f7d80b0c","releaseDate":"2021-07-13T07:00:00Z","cveNumber":"CVE-2021-34500","cveTitle":"Windows Kernel Memory Information Disclosure Vulnerability","releaseNumber":"2021-Jul","vulnType":"Security Vulnerability","latestRevisionDate":"2022-02-08T08:00:00Z","cweList":[],"mitreText":"CVE-2021-34500","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2021-34500","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":2,"olderSoftwareRelease":"Exploitation Less Likely","denialOfService":"N/A","tag":"Windows Kernel","issuingCna":"Microsoft","severityId":100000001,"severity":"Important","impactId":100000003,"impact":"Information Disclosure","langCode":"en-US","baseScore":"6.3","temporalScore":"5.5","vectorString":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C","isMariner":false,"articles":[{"articleType":"FAQ","description":"
What type of information could be disclosed by this vulnerability?
\nThe type of information that could be disclosed if an attacker successfully exploited this vulnerability is Guest VM to Hyper-V host server - virtualization security boundary.
\n","ordinal":10000},{"articleType":"FAQ","description":"What type of information could be disclosed by this vulnerability?
\nThe type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory from the file cache. This could include unintentional read access to memory contents in kernel space from a user mode process, and on a Hyper-V server this could result in Guest VM to Hyper-V host server memory content disclosure.
\n","ordinal":10000},{"articleType":"FAQ","description":"According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
\nSuccessful exploitation of this vulnerability requires an attacker to win a race condition.
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2021-34500","version":1.0,"revisionDate":"2021-07-13T07:00:00Z","initialDate":"0001-01-01T00:00:00Z","description":"Information published.
\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"d4a7cc8c-30ca-eb11-a83f-000d3a6d3364"},{"cveNumber":"CVE-2021-34500","version":2.0,"revisionDate":"2022-02-08T08:00:00Z","initialDate":"0001-01-01T00:00:00Z","description":"To comprehensively address CVE-2021-34500, Microsoft has released February 2022 security updates for the following supported editions of Microsoft Windows: Windows 10, Windows 10 Version 1607, Windows 8.1, Windows Server 2012 R2, Windows Server 2012, Windows 7, Windows Server 2008 R2, and Windows Server 2008. Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.
\n","unformattedDescription":"To comprehensively address CVE-2021-34500, Microsoft has released February 2022 security updates for the following supported editions of Microsoft Windows: Windows 10, Windows 10 Version 1607, Windows 8.1, Windows Server 2012 R2, Windows Server 2012, Windows 7, Windows Server 2008 R2, and Windows Server 2008. Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.","notificationNeeded":false,"notificationSent":false,"sourceId":"8b1bc063-4c88-ec11-a852-000d3a6d3364"}]}