CVE-2017-11818 — Corporation Microsoft Windows Storage vulnerability

CWE-2544 documents4 sources

Severity

4.5MEDIUMNVD

EPSS

1.7%

top 17.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Microsoft Windows Storage Microsoft Windows 10 Microsoft Windows Server 2012 +14 more

Timeline

PublishedOct 13

Latest updateMay 14

Description

The Microsoft Windows Storage component on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass vulnerability when it fails to validate an integrity-level check, aka "Windows Storage Security Feature Bypass Vulnerability".

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 1.0 | Impact: 3.4

Affected Packages17 packages

▶CVEListV5microsoft_corporation/microsoft_windows_storageMicrosoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016

▶msrcmsrc/windows_server_2012

▶msrcmsrc/windows_server_2016

▶msrcmsrc/windows_server_2012_r2

▶NVDmicrosoft/windowsr2

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-v5cx-4469-frm4: The Microsoft Windows Storage component on Microsoft Windows 8↗2022-05-14

▶

📋Vendor Advisories

Microsoft

Windows Storage Security Feature Bypass Vulnerability↗2017-10-10

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - October 2017↗2017-10-10

▶