Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-0744Corporation Windows Kernel vulnerability

6 documents5 sources
Severity
7.0HIGHNVD
EPSS
6.7%
top 8.75%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
20
Microsoft Corporation Windows KernelMicrosoft Windows 10Microsoft Windows Server 2012+17 more
Timeline
PublishedJan 4
Latest updateMay 13

Description

The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Elevation of Privilege Vulnerability".

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages19 packages

🔴Vulnerability Details

1
GHSA
GHSA-8476-xh7w-7xvv: The Windows kernel in Windows 82022-05-13

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows win32k - Using SetClassLong to Switch Between CS_CLASSDC and CS_OWNDC Corrupts DC Cache2018-01-05

📋Vendor Advisories

1
Microsoft
Windows Kernel Elevation of Privilege Vulnerability2018-01-09

🕵️Threat Intelligence

2
Talos
Microsoft Patch Tuesday - January 20182018-01-09
Talos
Microsoft Patch Tuesday - January 20182018-01-09
CVE-2018-0744 — HIGH severity | cvebase