Microsoft Security Response Center

*Is the Preview Pane an attack vector for this vulnerability?* No, the Preview Pane is not an attack vector.

*Is the Preview Pane an attack vector for this vulnerability?* No, the Preview Pane is not an attack vector.

*What type of information could be disclosed by this vulnerability?* The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.

*Is the Preview Pane an attack vector for this vulnerability?* No, the Preview Pane is not an attack vector.

*If my server is not configured to be a DNS server, it is vulnerable?* No, this vulnerability is only exploitable if the server is configured to be a DNS server.

*What type of information could be disclosed by this vulnerability?* The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.

*What security feature could be bypassed by exploiting this vulnerability?* This vulnerability could allow an attacker to bypass Extended Protection for Authentication provided by SPN target name validation.

*How could an attacker exploit this vulnerability?* For successful exploitation, this vulnerability could allow a malicious guest VM to read kernel memory in the host. To trigger this vulnerability the guest VM requires a memory allocation error to first occur on the guest VM. This bug could be used for a VM escape from guest to host.

*What type of information could be disclosed by this vulnerability?* The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.

*What type of information could be disclosed by this vulnerability?* The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.