CVE-2018-8327
Published 2018-07-11
CVE-2018-8327: A remote code execution vulnerability exists in PowerShell Editor Services, aka "PowerShell Editor Services Remote Code Execution Vulnerability." This affects…
Priority P266 · critical · 9.8 · CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 21.17% (97.3th percentile)
A remote code execution vulnerability exists in PowerShell Editor Services, aka "PowerShell Editor Services Remote Code Execution Vulnerability." This affects PowerShell Editor, PowerShell Extension.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | powershell | < 1.7.0 | 1.7.0 |
| microsoft | powershell_editor | — | — |
| microsoft | powershell_editor_services | < 1.7.0 | 1.7.0 |
| microsoft | powershell_extension | — | — |
| msrc | powershell_editor_services | — | — |
| msrc | powershell_extension_for_visual_studio_code | — | — |
Detection & IOCs
- The vulnerability exists in PowerShell Editor Services and is exploited by attacking local connections to the PowerShell Editor Services process. Monitor for unexpected or unauthorized connections to the PowerShell Editor Services process.
- The root cause is insecure local connection handling in PowerShell Editor Services. Detection should focus on anomalous process activity or unexpected code execution originating from a PowerShell Editor Services process.
- Affected versions are those prior to v1.8.0 of PowerShell Editor Services. The fix is documented in the v1.8.0 release notes. Verify installed version to determine exposure.
- As of the advisory, this vulnerability had not been publicly exploited (Exploited: No, Publicly Disclosed: No), reducing immediate urgency but patching is still recommended.
CVSS provenance
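| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| vendor_msrc | — | 9.8 | CRITICAL | — |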
GHSA
GHSA-47pm-99w9-6mx8: A remote code execution vulnerability exists in PowerShell Editor Services, aka "PowerShell Editor Services Remote Code Execution Vulnerability
ghsa_unreviewed·2022-05-13
A remote code execution vulnerability exists in PowerShell Editor Services, aka "PowerShell Editor Services Remote Code Execution Vulnerability." This affects PowerShell Editor, PowerShell Extension.
Microsoft
PowerShell Editor Services Remote Code Execution Vulnerability
vendor_msrc·2018-07-10·CVSS 9.8
Description: A remote code execution vulnerability exists in PowerShell Editor Services. An attacker who successfully exploited this vulnerability could execute malicious code on a vulnerable system.
In an attack scenario, an attacker could execute malicious code in a PowerShell Editor Services process.
The update addresses the vulnerability by correcting how PowerShell Editor Services secures local connections.
FAQ: How do I know if I am affected by this vulnerability?
Please follow the steps documented in the Release Notes.
Microsoft PowerShell: Microsoft PowerShell
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely; Older Software Release: Expl
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday - July 2018
blogs_talos·2018-07-10·CVSS 7.5
Microsoft released its monthly set of security advisories today for vulnerabilities that have been identified and addressed in various products. This month's release addresses 53 new vulnerabilities, 17 of which are rated critical, 34 are rated important, one is rated moderate, and one is rated as low severity. These vulnerabilities impact Windows Operating System, Edge, Internet Explorer and more.
In addition to the 53 vulnerabilities referenced above, Microsoft has also released a critical update advisory, ADV180017, which addresses the vulnerabilities described in the Adobe security bulletin APSB18-24.
## Critical vulnerabilities
This month, Microsoft is addressing 17 vulnerabilities that are rated as critical:
CVE-2018-8242 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-
- http://www.securityfocus.com/bid/104649
- http://www.securitytracker.com/id/1041251
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8327
Published: 2018-07-11