According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. Why does this CVE indicate that the vulnerability has been publicly disclosed? This underlying vulnerability is due to an issue in the microarchitecture of certain ARM-based cores. Microsoft issued this CVE to document the Windows updates that address this underlying problem. This update mitigates against this vulnerability. For more information on this public disclosure, please see: Prefetcher Side Channels: Armv8 Security Bulletin. What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server. According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.