Primary

Context

Microsoft Windows WLAN AutoConfig Service Information Disclosure Vulnerability

Vulnerability

Patched

A vulnerability allowing information disclosure has been identified in the Windows WLAN AutoConfig Service. This issue arises from an out-of-bounds read, which could enable an attacker to access small portions of heap memory. The vulnerability affects multiple Windows versions, including various editions of Windows 10, Windows 11, Windows Server 2016, and Windows Server 2022.

Impact

Exploitation of this vulnerability could lead to unauthorized reading of memory, potentially allowing for information disclosure.

Remediation

Users can apply the security updates provided by Microsoft to address this vulnerability. These security updates can be downloaded via the Microsoft Update Catalog. Specific update details can be found in the Microsoft Knowledge Base articles KB5050009, KB5049993, KB5049981, and KB5049983.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

0.6

exploitability

3.3

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

0.6

exploitability

3.3

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Microsoft Windows WLAN AutoConfig Service Information Disclosure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Microsoft Windows Server

Microsoft Windows 11

Microsoft Windows 10

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating