Tag
#windows
**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
**How could an attacker exploit this vulnerability?** An unauthenticated attacker could perform a man-in-the-middle network exploit to downgrade a client's encryption to the RC4-md4 cypher, followed by cracking the user's cypher key. The attacker could then compromise the user's Kerberos session key to elevate privileges.
**How could an attacker exploit this vulnerability?** An unauthenticated attacker could exploit the vulnerability by sending specially crafted network traffic to the TLS server and could cause it to crash.
**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** Exploitation of the vulnerability requires that a user to log in to Windows.
**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.
**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.
**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
**What type of information could be disclosed by this vulnerability?** Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.
**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.