CVE-2017-0296

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the fixed version Windows 7 SP1 Windows Server 2008 SP2 and R2 SP1 Windows 8.1 and Windows RT 8.1 Windows Server 2012 and R2 Windows 10 versions prior to the fixed version, including Gold, 1511, 1607, and 1703 Windows Server 2016

Description The issue is related to the tdx.sys component, which has inadequate access control and fails to properly check the length of a buffer before copying memory to it. This can be exploited by a local attacker to elevate their privileges. The vulnerability affects the Windows operating system and can be used to compromise the system.

Recommendations For Windows 7 SP1, update to a newer version that includes the fix for this issue. For Windows Server 2008 SP2 and R2 SP1, update to a newer version that includes the fix for this issue. For Windows 8.1 and Windows RT 8.1, update to a newer version that includes the fix for this issue. For Windows Server 2012 and R2, update to a newer version that includes the fix for this issue. For Windows 10 versions prior to the fixed version, including Gold, 1511, 1607, and 1703, update to a newer version that includes the fix for this issue. For Windows Server 2016, update to a newer version that includes the fix for this issue. As a temporary workaround, consider restricting access to the tdx.sys component until a patch is available.