Windows Kernel Information Disclosure Vulnerability CVE-2019-1125

[German]On August 6, 2019, Microsoft released updated security information on the CVE-2019-1125 (Spectre 1 Windows Kernel Information Disclosure Vulnerability) vulnerability.


Title: Microsoft Security Update Releases
Issued: August 6, 2019

The following CVE has undergone a major revision increment: CVE-2019-1125

Revision Information:

– Version: 1.0
– Reason for Revision: Information published.
– Originally posted: August 6, 2019
– Updated: N/A
– Aggregate CVE Severity Rating: Important

What is CVE-2019-1125?

The CVE-2019-1125 vulnerability allows disclosure of Windows kernel information. The Spectre vulnerability can be exploited when certain central processing units (CPUs) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries.


However, the vulnerability can only be exploited locally. To exploit this vulnerability, an attacker must log on to an affected system and run a specially developed application. The vulnerability would not allow an attacker to directly increase user privileges. But the vulnerability could be used to obtain information that could be used to attempt to further compromise the affected system.


On January 3, 2018, Microsoft released consulting and security updates related to a newly discovered class of hardware vulnerabilities (known as Spectre) affecting speculative subchannels for execution that affect AMD, ARM, and Intel CPUs to varying degrees. This vulnerability, released on August 6, 2019, is a variant of the speculative side-channel vulnerability Spectre Variant 1 and has been marked CVE-2019-1125.

Microsoft released security updates for Windows on July 9, 2019 that fix the vulnerability through a software change.  The update changes the way the CPU speculatively accesses memory and mitigates the vulnerability. Note that this vulnerability does not require a microcode update from your device OEM.


This entry was posted in Security, Windows and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *