CVE-2018-8140
published 2018-06-14CVE-2018-8140: An Elevation of Privilege vulnerability exists when Cortana retrieves data from user input services without consideration for status, aka "Cortana Elevation of…
PriorityP181medium6.8CVSS 3.0
AVPACLPRNUINSUCHIHAH
ITWVulnCheck KEVRansomware
Exploited in the wild
EPSS
1.64%
73.5th percentile
An Elevation of Privilege vulnerability exists when Cortana retrieves data from user input services without consideration for status, aka "Cortana Elevation of Privilege Vulnerability." This affects Windows 10 Servers, Windows 10.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10_servers | — | — |
| microsoft | windows_10_servers | — | — |
| microsoft | windows_server_2016 | — | — |
| msrc | windows_10_version_1709_for_32-bit_systems | — | — |
| msrc | windows_10_version_1709_for_x64-based_systems | — | — |
| msrc | windows_10_version_1803_for_32-bit_systems | — | — |
| msrc | windows_10_version_1803_for_x64-based_systems | — | — |
| msrc | windows_server_version_1709 | — | — |
| msrc | windows_server_version_1803 | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Exploitation requires physical or console access to the target system with Cortana assistance enabled ↗
- →Vulnerability is in Windows Shell component (Cortana) — monitor for elevated command execution originating from Cortana/shell input services on locked or restricted sessions ↗
- ·Vulnerability only applies to Windows 10 and Windows 10 Servers with Cortana assistance enabled; disabling Cortana mitigates exposure ↗
- ·Exploit status is publicly disclosed: No; Exploited: No — no known in-the-wild exploitation as of patch release ↗
CVSS provenance
nvdv3.06.8MEDIUMCVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
vulncheck6.8MEDIUM
vendor_msrc6.8MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-92mr-w7qg-jrxh: An Elevation of Privilege vulnerability exists when Cortana retrieves data from user input services without consideration for status, aka "Cortana Ele
ghsa_unreviewed·2022-05-13
CVE-2018-8140 [MEDIUM] GHSA-92mr-w7qg-jrxh: An Elevation of Privilege vulnerability exists when Cortana retrieves data from user input services without consideration for status, aka "Cortana Ele
An Elevation of Privilege vulnerability exists when Cortana retrieves data from user input services without consideration for status, aka "Cortana Elevation of Privilege Vulnerability." This affects Windows 10 Servers, Windows 10.
VulnCheck
Cortana Elevation of Privilege
vulncheck·2018·CVSS 6.8
CVE-2018-8140 [MEDIUM] Cortana Elevation of Privilege
Cortana Elevation of Privilege
An Elevation of Privilege vulnerability exists when Cortana retrieves data from user input services without consideration for status, aka "Cortana Elevation of Privilege Vulnerability." This affects Windows 10 Servers, Windows 10.
Affected: Microsoft Windows
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Known Ransomware Campaign Use: Known
Exploitation References: https://know.netenrich.com/blog/ragnar-locker-petya-and-ryuk-know-your-ransomware/
Microsoft
Cortana Elevation of Privilege Vulnerability
vendor_msrc·2018-06-12·CVSS 6.8
CVE-2018-8140 [MEDIUM] Cortana Elevation of Privilege Vulnerability
Cortana Elevation of Privilege Vulnerability
Description: An Elevation of Privilege vulnerability exists when Cortana retrieves data from user input services without consideration for status.
An attacker who successfully exploited the vulnerability could execute commands with elevated permissions.
To exploit the vulnerability, an attacker would require physical/console access and the system would need to have Cortana assistance enabled.
The security update addresses the vulnerability by ensuring Cortana considers status when retrieves information from input services.
Windows Shell: Windows Shell
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely
Reference: ht
No detection rules found.
No public exploits indexed.
http://www.securityfocus.com/bid/104354http://www.securitytracker.com/id/1041108https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8140http://www.securityfocus.com/bid/104354http://www.securitytracker.com/id/1041108https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8140
2018-06-14
Published
Exploited in the wild