CVE-2018-8253 — Microsoft Windows 10 vulnerability

5 documents4 sources

Severity

4.6MEDIUMNVD

EPSS

0.8%

top 25.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 10 Microsoft Windows Server 2016 Msrc Windows 10 Version 1607 FOR 32-bit Systems +2 more

Timeline

PublishedAug 15

Latest updateMay 13

Description

An elevation of privilege vulnerability exists when Microsoft Cortana allows arbitrary website browsing on the lockscreen, aka "Microsoft Cortana Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10.

CVSS vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 0.9 | Impact: 3.6

Affected Packages6 packages

▶CVEListV5microsoft/windows_server_2016(Server Core installation)

▶CVEListV5microsoft/windows_10Version 1607 for 32-bit Systems, Version 1607 for x64-based Systems+1

▶NVDmicrosoft/windows_101607

▶msrcmsrc/windows_server_2016

▶msrcmsrc/windows_10_version_1607_for_32-bit_systems

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-vr2w-wm3v-j642: An elevation of privilege vulnerability exists when Microsoft Cortana allows arbitrary website browsing on the lockscreen, aka "Microsoft Cortana Elev↗2022-05-13

▶

📋Vendor Advisories

Microsoft

Microsoft Cortana Elevation of Privilege Vulnerability↗2018-08-14

▶

🕵️Threat Intelligence

Talos

Microsoft Tuesday August 2018↗2018-08-14

▶

Talos

Microsoft Tuesday August 2018↗2018-08-14

▶