High severity7.8NVD Advisory· Published Jun 15, 2017· Updated May 13, 2026
CVE-2017-0296
CVE-2017-0296
Description
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to elevate privilege when tdx.sys fails to check the length of a buffer prior to copying memory to it, aka "Windows TDX Elevation of Privilege Vulnerability".
Affected products
13- Microsoft Corporation/Microsoft Windowsv5Range: Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016.
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_8.1:rt:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0296nvdMitigationPatchVendor Advisory
- www.securityfocus.com/bid/98839nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.