CVE-2017-8576 — Improper Initialization in Corporation Microsoft Windows

CWE-665 — Improper Initialization3 documents3 sources

Severity

7.0HIGHNVD

EPSS

1.3%

top 20.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Microsoft Windows Microsoft Windows 10 Msrc Windows 10 FOR 32-bit Systems +8 more

Timeline

PublishedJun 29

Latest updateMay 13

Description

The graphics component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code in kernel mode via a specially crafted application, aka "Microsoft Graphics Component Elevation of Privilege Vulnerability."

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages11 packages

▶NVDmicrosoft/windows_101511, 1607, 1703+2

▶msrcmsrc/windows_server_2016

▶CVEListV5microsoft_corporation/microsoft_windowsWindows 10 Gold, 1511, 1607, 1703, and Windows Server 2016

▶msrcmsrc/windows_10_version_1511_for_32-bit_systems

▶msrcmsrc/windows_10_version_1607_for_32-bit_systems

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-2c7m-5pjf-cf2m: The graphics component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code↗2022-05-13

▶

📋Vendor Advisories

Microsoft

Microsoft Graphics Component Elevation of Privilege Vulnerability↗2017-06-13

▶