Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-0882Corporation Windows Deskop Bridge vulnerability

9 documents6 sources
Severity
7.0HIGHNVD
EPSS
10.0%
top 6.94%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
8
Microsoft Corporation Windows Deskop BridgeMicrosoft Windows 10Microsoft Windows Server+5 more
Timeline
PublishedMar 14
Latest updateMay 13

Description

The Desktop Bridge in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how the virtual registry is managed, aka "Windows Desktop Bridge Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0880.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages8 packages

CVEListV5microsoft_corporation/windows_deskop_bridgeWindows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-g28r-pqv2-9329: The Desktop Bridge in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerabi2022-05-13
GHSA
GHSA-7j54-6vqj-8q42: The Desktop Bridge in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerabi2022-05-13

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows - Desktop Bridge Virtual Registry NtLoadKey Arbitrary File Read/Write Privilege Escalation2018-03-20

📋Vendor Advisories

1
Microsoft
Windows Desktop Bridge Elevation of Privilege Vulnerability2018-03-13

🕵️Threat Intelligence

3
Talos
Microsoft Patch Tuesday - March 20182018-03-13
Talos
Microsoft Patch Tuesday - March 20182018-03-13
Zscaler
Zscaler found Multiple Security Vulnerabilities | 03-13-2018
CVE-2018-0882 — HIGH severity | cvebase