Microsoft Windows and Windows Server Information Disclosure Vulnerability in Capability Access Management Service

Vulnerability

An out-of-bounds read vulnerability has been identified in the Capability Access Management Service (camsvc) on Microsoft Windows and Windows Server platforms. It allows an authorized attacker to disclose information locally by reading the memory of the Capability Access Manager service.

Impact

Exploitation of this vulnerability could lead to unauthorized information disclosure by allowing an attacker to read sensitive data from the memory of the affected service.

Remediation

Users can apply the security update provided by Microsoft to address this vulnerability. Instructions for downloading the security update are available through the Microsoft Update Catalog. Specific knowledge base article links for each affected product version are also provided in the security update guide.

Added: Jan 13, 2026, 8:05 PM
Updated: Jan 13, 2026, 8:05 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 3.3
remediation: 0.0
relevance: 2.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.