Microsoft Windows Telnet Client Information Disclosure Vulnerability

A vulnerability allowing out-of-bounds read has been identified in the Telnet client of various Microsoft Windows operating systems. This issue allows an unauthorized attacker to disclose information over the network. The vulnerability arises because the Telnet client can improperly handle certain authentication responses, potentially leading to the exposure of limited sensitive information from system memory. This could include data being processed by the Telnet client during the connection.

Impact

Successful exploitation could allow an attacker to access restricted sensitive information from system memory, which may include private data being handled by the Telnet client at the time of the connection. Additionally, the vulnerability could cause intermittent disruptions or decreased performance in the affected application.

Remediation

Users can download the security update for this vulnerability through the Microsoft Update Catalog. Specific update details can be found in the Microsoft Knowledge Base articles KB5087544, KB5087538, KB5087420, KB5087423, KB5087537, KB5087541, KB5087470, KB5087471, and KB5089548.