Unrated severityNVD Advisory· Published Jan 28, 2009· Updated Apr 23, 2026

CVE-2009-0320

Description

Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a "benchmarking attack."

Affected products

Microsoft/Windows Server 2003
cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*
Microsoft/Windows Server 2008
cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*
Microsoft/Windows Vista
cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
Microsoft/Windows Xp
cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000