Microsoft Windows ETL Channel Information Disclosure Vulnerability

A vulnerability exists in the Windows ETL Channel that allows an authorized attacker to locally disclose sensitive information by inserting it into a log file. This issue affects multiple Windows products and versions.

Impact

Exploitation of this vulnerability could lead to unauthorized information disclosure, specifically local memory addresses.

Remediation

Users can download the security update for this vulnerability via the Microsoft Update Catalog. Security Update KB5066836 is available for Windows Server 2016, Windows 10 Version 1607, Windows Server 2025, Windows 11 Version 24H2, and several other Windows 10 and Windows Server versions. For Windows 11 Version 23H2, the security update KB5066793 is available. Windows Server 2022 also has a security update available. Consult the Microsoft Update Catalog for the specific update needed.