CVE-2018-0828 — Insufficiently Protected Credentials in Corporation Windows

CWE-522 — Insufficiently Protected Credentials5 documents4 sources

Severity

7.8HIGHNVD

EPSS

1.0%

top 23.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Windows Microsoft Windows 10 Msrc Windows 10 Version 1607 FOR 32-bit Systems +2 more

Timeline

PublishedFeb 15

Latest updateMay 13

Description

Windows 10 version 1607 and Windows Server 2016 allow an elevation of privilege vulnerability due to how the MultiPoint management account password is stored, aka "Windows Elevation of Privilege Vulnerability".

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

▶msrcmsrc/windows_server_2016

▶msrcmsrc/windows_10_version_1607_for_32-bit_systems

▶msrcmsrc/windows_10_version_1607_for_x64-based_systems

▶NVDmicrosoft/windows_101607

▶CVEListV5microsoft_corporation/windowsWindows 10 version 1607 and Windows Server 2016

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-5vf7-7pjq-2fqj: Windows 10 version 1607 and Windows Server 2016 allow an elevation of privilege vulnerability due to how the MultiPoint management account password is↗2022-05-13

▶

📋Vendor Advisories

Microsoft

Windows Elevation of Privilege Vulnerability↗2018-02-13

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - February 2018↗2018-02-13

▶

Talos

Microsoft Patch Tuesday - February 2018↗2018-02-13

▶