Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-0821 — Improper Privilege Management in Corporation Appcontainer

CWE-269 — Improper Privilege Management6 documents5 sources

Severity

7.0HIGHNVD

EPSS

1.6%

top 18.21%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Corporation Appcontainer Microsoft Windows 10 Microsoft Windows Server 2016 +12 more

Timeline

PublishedFeb 15

Latest updateMay 13

Description

AppContainer in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way constrained impersonations are handled, aka "Windows AppContainer Elevation Of Privilege Vulnerability".

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages15 packages

▶msrcmsrc/windows_server_version_1709

▶msrcmsrc/windows_server_2016

▶msrcmsrc/windows_10_version_1709_for_32-bit_systems

▶msrcmsrc/windows_10_version_1709_for_x64-based_systems

▶msrcmsrc/windows_10_version_1511_for_32-bit_systems

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-r6fx-jrgq-cfcw: AppContainer in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vuln↗2022-05-13

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows - Constrained Impersonation Capability Privilege Escalation↗2018-02-20

▶

📋Vendor Advisories

Microsoft

Windows AppContainer Elevation Of Privilege Vulnerability↗2018-02-13

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - February 2018↗2018-02-13

▶

Talos

Microsoft Patch Tuesday - February 2018↗2018-02-13

▶