CVE-2018-0831 — Corporation Windows vulnerability

6 documents5 sources

Severity

7.8HIGHNVD

EPSS

0.9%

top 24.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Windows Microsoft Windows 10 Microsoft Windows Server 2016 +8 more

Timeline

PublishedFeb 15

Latest updateMay 13

Description

The Windows kernel in Windows 10 versions 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how objects in memory are handled, aka "Windows Kernel Elevation of Privilege Vulnerability".

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages11 packages

▶msrcmsrc/windows_server_version_1709

▶msrcmsrc/windows_server_2016

▶msrcmsrc/windows_10_version_1709_for_32-bit_systems

▶msrcmsrc/windows_10_version_1709_for_x64-based_systems

▶msrcmsrc/windows_10_version_1607_for_32-bit_systems

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-vv68-8xrp-hprf: The Windows kernel in Windows 10 versions 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege v↗2022-05-13

▶

📋Vendor Advisories

Microsoft

Windows Kernel Elevation of Privilege Vulnerability↗2018-02-13

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - February 2018↗2018-02-13

▶

Talos

Microsoft Patch Tuesday - February 2018↗2018-02-13

▶

💬Community

Bugzilla

CVE-2018-13053 kernel: Integer overflow in the alarm_timer_nsleep function↗2018-07-03

▶