Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-0822 — Corporation Ntfs vulnerability

6 documents5 sources

Severity

7.0HIGHNVD

EPSS

3.1%

top 13.23%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Corporation Ntfs Microsoft Windows 10 Microsoft Windows Server 2016 +12 more

Timeline

PublishedFeb 15

Latest updateMay 13

Description

NTFS in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way NTFS handles objects, aka "Windows NTFS Global Reparse Point Elevation of Privilege Vulnerability".

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages15 packages

▶msrcmsrc/windows_server_version_1709

▶msrcmsrc/windows_server_2016

▶msrcmsrc/windows_10_version_1709_for_32-bit_systems

▶msrcmsrc/windows_10_version_1709_for_x64-based_systems

▶msrcmsrc/windows_10_version_1511_for_32-bit_systems

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-9j2v-99xr-mq59: NTFS in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerabilit↗2022-05-13

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows - Global Reparse Point Security Feature Bypass/Elevation of Privilege↗2018-02-20

▶

📋Vendor Advisories

Microsoft

Windows NTFS Global Reparse Point Elevation of Privilege Vulnerability↗2018-02-13

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - February 2018↗2018-02-13

▶

Talos

Microsoft Patch Tuesday - February 2018↗2018-02-13

▶