CVE-2017-8590Improper Preservation of Permissions in Microsoft Windows Server 2008

CWE-281Improper Preservation of Permissions4 documents4 sources
Severity
8.8HIGHNVD
EPSS
1.0%
top 23.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
14
Microsoft Windows Server 2008Microsoft Windows Server 2012Msrc Windows 10+11 more
Timeline
PublishedJul 11
Latest updateMay 13

Description

Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way that the Windows Common Log File System (CLFS) driver handles objects in memory, aka "Windows CLFS Elevation of Privilege Vulnerability".

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages13 packages

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

1
GHSA
GHSA-5qjj-r3mq-x5vj: Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 82022-05-13

📋Vendor Advisories

1
Microsoft
Windows Common Log File System Driver Elevation of Privilege Vulnerability2017-07-11

🕵️Threat Intelligence

1
Talos
Microsoft Patch Tuesday - July 20172017-07-11