CVE-2018-8210 — Improper Resource Shutdown or Release in Microsoft Windows 10

CWE-404 — Improper Resource Shutdown or Release4 documents4 sources

Severity

7.8HIGHNVD

EPSS

3.3%

top 12.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 10 Microsoft Windows 10 Servers Microsoft Windows 8.1 +4 more

Timeline

PublishedJun 14

Latest updateMay 13

Description

A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka "Windows Remote Code Execution Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8213.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages9 packages

▶CVEListV5microsoft/windows_server_2012(Server Core installation)

▶CVEListV5microsoft/windows_server_2012_r2(Server Core installation)

▶CVEListV5microsoft/windows_10_serversversion 1709 (Server Core Installation), version 1803 (Server Core Installation)+1

▶CVEListV5microsoft/windows_server_2016(Server Core installation)

▶NVDmicrosoft/windowsr2, 1709, 1803+2

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-qvrq-ghv8-qfgh: A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka "Windows Remote Code Execution Vulnerability↗2022-05-13

▶

CVEList

CVE-2018-8210: A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka "Windows Remote Code Execution Vulnerability↗2018-06-14

▶

📋Vendor Advisories

Microsoft

Windows Remote Code Execution Vulnerability↗2018-06-12

▶