4.7 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:C/I:N/A:N
5.6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
7.2 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
32.2%
Microsoft released an advisory and security updates related to a newly-discovered class of hardware vulnerabilities (known as Spectre and Meltdown). An additional vulnerability involving side channel speculative execution has been announced and assigned CVE-2018-3665.
An attacker locally could cause information stored in FP (Floating Point), MMX, and SSE register state to be disclosed across security boundaries on Intel Core family CPUs through speculative execution. An attacker must be able to execute code locally on a system in order to exploit this vulnerability, similar to the other speculative execution vulnerabilities.
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
support.microsoft.com/kb/4338818
support.microsoft.com/kb/4338821
support.microsoft.com/kb/4338823
support.microsoft.com/kb/4341832
support.microsoft.com/kb/4343899
support.microsoft.com/kb/4343900
support.microsoft.com/kb/4345459
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3665
portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180016
statistics.securelist.com/
threats.kaspersky.com/en/product/Microsoft-Windows-10/
threats.kaspersky.com/en/product/Microsoft-Windows-7/
threats.kaspersky.com/en/product/Microsoft-Windows-8/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2008/
threats.kaspersky.com/en/product/Microsoft-Windows-Server-2012/
threats.kaspersky.com/en/product/Microsoft-Windows-Server/
threats.kaspersky.com/en/product/Microsoft-Windows/
4.7 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:C/I:N/A:N
5.6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
7.2 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
32.2%