Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-0880Corporation Windows Deskop Bridge vulnerability

10 documents6 sources
Severity
7.0HIGHNVD
EPSS
13.1%
top 5.86%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
11
Microsoft Corporation Windows Deskop BridgeMicrosoft Windows 10Microsoft Windows Server+8 more
Timeline
PublishedMar 14
Latest updateMay 13

Description

The Desktop Bridge in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how the virtual registry is managed, aka "Windows Desktop Bridge Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0882.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages11 packages

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-g28r-pqv2-9329: The Desktop Bridge in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerabi2022-05-13
GHSA
GHSA-7j54-6vqj-8q42: The Desktop Bridge in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerabi2022-05-13

💥Exploits & PoCs

2
Exploit-DB
Microsoft Windows 10 - Desktop Bridge Virtual Registry CVE-2018-0880 Incomplete Fix Privilege Escalation2018-06-20
Exploit-DB
Microsoft Windows - Desktop Bridge Virtual Registry Arbitrary File Read/Write Privilege Escalation2018-03-20

📋Vendor Advisories

1
Microsoft
Windows Desktop Bridge Elevation of Privilege Vulnerability2018-03-13

🕵️Threat Intelligence

3
Talos
Microsoft Patch Tuesday - March 20182018-03-13
Talos
Microsoft Patch Tuesday - March 20182018-03-13
Zscaler
Zscaler found Multiple Security Vulnerabilities | 03-13-2018
CVE-2018-0880 — HIGH severity | cvebase