CVE-2017-8579 — Improper Preservation of Permissions in Corporation Microsoft Windows

CWE-281 — Improper Preservation of Permissions5 documents4 sources

Severity

7.0HIGHNVD

EPSS

0.7%

top 28.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Microsoft Windows Microsoft Windows 10 Msrc Windows 10 FOR 32-bit Systems +8 more

Timeline

PublishedJun 29

Latest updateMay 13

Description

The DirectX component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code in kernel mode via a specially crafted application, aka "DirectX Elevation of Privilege Vulnerability."

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages11 packages

▶msrcmsrc/windows_server_2016

▶NVDmicrosoft/windows_101511, 1607, 1703+2

▶CVEListV5microsoft_corporation/microsoft_windowsWindows 10 Gold, 1511, 1607, 1703, and Windows Server 2016

▶msrcmsrc/windows_10_version_1511_for_32-bit_systems

▶msrcmsrc/windows_10_version_1607_for_32-bit_systems

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-m26g-pfvj-g9mg: The DirectX component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code i↗2022-05-13

▶

📋Vendor Advisories

Microsoft

DirectX Elevation of Privilege Vulnerability↗2017-06-13

▶

🕵️Threat Intelligence

Unit42

Sure, I’ll take that! New ComboJack Malware Alters Clipboards to Steal Cryptocurrency↗2018-03-05

▶

Unit42

Sure, I’ll take that! New ComboJack Malware Alters Clipboards to Steal Cryptocurrency↗2018-03-05

▶