{"id":10684,"date":"2019-08-07T00:15:00","date_gmt":"2019-08-06T22:15:00","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=10684"},"modified":"2021-12-01T23:29:23","modified_gmt":"2021-12-01T22:29:23","slug":"windows-kernel-information-disclosure-vulnerability-cve-2019-1125","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2019\/08\/07\/windows-kernel-information-disclosure-vulnerability-cve-2019-1125\/","title":{"rendered":"Windows Kernel Information Disclosure Vulnerability CVE-2019-1125"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" height=\"47\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/?p=221398\" target=\"_blank\" rel=\"noopener noreferrer\">German<\/a>]On August 6, 2019, Microsoft released updated security information on the CVE-2019-1125 (Spectre 1 Windows Kernel Information Disclosure Vulnerability) vulnerability.<\/p>\n<p><!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vg08.met.vgwort.de\/na\/3cc1fe6ed71c4df0918bfed9c35a0d9f\" alt=\"\" width=\"1\" height=\"1\" \/>***************************************************************************<br \/>\nTitle: Microsoft Security Update Releases<br \/>\nIssued: August 6, 2019<br \/>\n***************************************************************************<\/p>\n<p>The following CVE has undergone a major revision increment: CVE-2019-1125<\/p>\n<p>Revision Information:<\/p>\n<p>&#8211; <a href=\"https:\/\/web.archive.org\/web\/20201005125452\/https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2019-1125\" target=\"_blank\" rel=\"noopener noreferrer\">CVE-2019-1125<\/a><br \/>\n&#8211; Version: 1.0<br \/>\n&#8211; Reason for Revision: Information published.<br \/>\n&#8211; Originally posted: August 6, 2019<br \/>\n&#8211; Updated: N\/A<br \/>\n&#8211; Aggregate CVE Severity Rating: Important<\/p>\n<h2>What is CVE-2019-1125?<\/h2>\n<p>The <a href=\"https:\/\/web.archive.org\/web\/20201005125452\/https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2019-1125\" target=\"_blank\" rel=\"noopener noreferrer\">CVE-2019-1125<\/a> vulnerability allows disclosure of Windows kernel information. The Spectre vulnerability can be exploited when certain central processing units (CPUs) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries.<\/p>\n<p>However, the vulnerability can only be exploited locally. To exploit this vulnerability, an attacker must log on to an affected system and run a specially developed application. The vulnerability would not allow an attacker to directly increase user privileges. But the vulnerability could be used to obtain information that could be used to attempt to further compromise the affected system.<\/p>\n<h2>History<\/h2>\n<p>On January 3, 2018, Microsoft released consulting and security updates related to a newly discovered class of hardware vulnerabilities (known as Spectre) affecting speculative subchannels for execution that affect AMD, ARM, and Intel CPUs to varying degrees. This vulnerability, released on August 6, 2019, is a variant of the speculative side-channel vulnerability Spectre Variant 1 and has been marked CVE-2019-1125.<\/p>\n<p>Microsoft released <a href=\"https:\/\/web.archive.org\/web\/20201005125452\/https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2019-1125\" target=\"_blank\" rel=\"noopener noreferrer\">security updates<\/a> for Windows on July 9, 2019 that fix the vulnerability through a software change.\u00a0 The update changes the way the CPU speculatively accesses memory and mitigates the vulnerability. Note that this vulnerability does not require a microcode update from your device OEM.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]On August 6, 2019, Microsoft released updated security information on the CVE-2019-1125 (Spectre 1 Windows Kernel Information Disclosure Vulnerability) vulnerability.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,2],"tags":[1079,194],"class_list":["post-10684","post","type-post","status-publish","format-standard","hentry","category-security","category-windows","tag-sicherheit","tag-windows"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/10684","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=10684"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/10684\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=10684"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=10684"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=10684"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}