CVE-2017-0170

Name of the Vulnerable Software and Affected Versions Windows Performance Monitor versions in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 versions Gold, 1511, 1607, 1703, and Windows Server 2016

Description The issue allows attackers to obtain sensitive information and affect the system due to the way it parses XML input.

Recommendations For Windows Server 2008 SP2 and R2 SP1, consider restricting access to the Windows Performance Monitor until a fix is available. For Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 versions Gold, 1511, 1607, 1703, and Windows Server 2016, restrict the use of XML input parsing in the Windows Performance Monitor to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.