Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-0743 — Corporation Windows Subsystem FOR Linux vulnerability

6 documents5 sources

Severity

7.0HIGHNVD

EPSS

6.6%

top 8.79%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Corporation Windows Subsystem FOR Linux Microsoft Windows 10 Microsoft Windows Server 2016 +5 more

Timeline

PublishedJan 4

Latest updateMay 13

Description

Windows Subsystem for Linux in Windows 10 version 1703, Windows 10 version 1709, and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Subsystem for Linux Elevation of Privilege Vulnerability".

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages8 packages

▶msrcmsrc/windows_server_version_1709

▶msrcmsrc/windows_10_version_1709_for_32-bit_systems

▶msrcmsrc/windows_10_version_1709_for_x64-based_systems

▶msrcmsrc/windows_10_version_1703_for_32-bit_systems

▶CVEListV5microsoft_corporation/windows_subsystem_for_linuxWindows 10 version 1703, Windows 10 version1709, and Windows Server, version 1709

Patches

Patch: github.com ↗Patch: portal.msrc.microsoft.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-hh9m-g5p9-8fw8: Windows Subsystem for Linux in Windows 10 version 1703, Windows 10 version 1709, and Windows Server, version 1709 allows an elevation of privilege vul↗2022-05-13

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows Subsystem for Linux - 'execve()' Local Privilege Escalation↗2018-02-02

▶

📋Vendor Advisories

Microsoft

Windows Subsystem for Linux Elevation of Privilege Vulnerability↗2018-01-09

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - January 2018↗2018-01-09

▶

Talos

Microsoft Patch Tuesday - January 2018↗2018-01-09

▶