Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-0826 — Corporation Windows Storage Services vulnerability

6 documents5 sources

Severity

7.0HIGHNVD

EPSS

3.1%

top 13.23%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Corporation Windows Storage Services Microsoft Windows 10 Microsoft Windows Server 2016 +10 more

Timeline

PublishedFeb 15

Latest updateMay 13

Description

Windows Storage Services in Windows 10 versions 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Storage Services Elevation of Privilege Vulnerability".

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages13 packages

▶msrcmsrc/windows_server_version_1709

▶CVEListV5microsoft_corporation/windows_storage_servicesWindows 10 versions 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709

▶msrcmsrc/windows_server_2016

▶msrcmsrc/windows_10_version_1709_for_32-bit_systems

▶msrcmsrc/windows_10_version_1709_for_x64-based_systems

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-x2pc-9gc4-6xm6: Windows Storage Services in Windows 10 versions 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of↗2022-05-13

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows - StorSvc SvcMoveFileInheritSecurity Arbitrary File Creation Privilege Escalation↗2018-02-20

▶

📋Vendor Advisories

Microsoft

Windows Storage Services Elevation of Privilege Vulnerability↗2018-02-13

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - February 2018↗2018-02-13

▶

Talos

Microsoft Patch Tuesday - February 2018↗2018-02-13

▶