Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-0752Incorrect Permission Assignment in Corporation Windows Kernel

CWE-732Incorrect Permission AssignmentCWE-269Improper Privilege Management12 documents6 sources
Severity
7.8HIGHNVD
NVD7.1
EPSS
3.9%
top 11.77%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
20
Microsoft Corporation Windows KernelMicrosoft Windows 10Microsoft Windows Server 2012+17 more
Timeline
PublishedJan 4
Latest updateMay 13

Description

The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2018-0751.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages19 packages

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-f7c8-ppgq-wfqr: The Windows Kernel API in Windows 82022-05-13
GHSA
GHSA-w8xm-xfv6-7g76: The Windows Kernel API in Windows 82022-05-13

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows - NtImpersonateAnonymousToken LPAC to Non-LPAC Privilege Escalation2018-01-11

📋Vendor Advisories

1
Microsoft
Windows Elevation of Privilege Vulnerability2018-01-09

🕵️Threat Intelligence

2
Talos
Microsoft Patch Tuesday - January 20182018-01-09
Talos
Microsoft Patch Tuesday - January 20182018-01-09
CVE-2018-0752 — Incorrect Permission Assignment | cvebase