CVE-2018-8435 — Insufficient Entropy in Microsoft Windows 10

CWE-331 — Insufficient Entropy4 documents4 sources

Severity

4.2MEDIUMNVD

EPSS

0.6%

top 31.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 10 Microsoft Windows 10 Servers Microsoft Windows Server 2016

Timeline

PublishedSep 13

Latest updateMay 13

Description

A security feature bypass vulnerability exists when Windows Hyper-V BIOS loader fails to provide a high-entropy source, aka "Windows Hyper-V Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.

CVSS vector

CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:NExploitability: 0.5 | Impact: 3.6

Affected Packages5 packages

▶CVEListV5microsoft/windows_10_serversversion 1709 (Server Core Installation), version 1803 (Server Core Installation)+1

▶CVEListV5microsoft/windows_server_2016(Server Core installation)

▶NVDmicrosoft/windows1709, 1803+1

▶CVEListV5microsoft/windows_105 versions+4

▶NVDmicrosoft/windows_104 versions+3

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-qrgc-h67x-rj3x: A security feature bypass vulnerability exists when Windows Hyper-V BIOS loader fails to provide a high-entropy source, aka "Windows Hyper-V Security↗2022-05-13

▶

CVEList

CVE-2018-8435: A security feature bypass vulnerability exists when Windows Hyper-V BIOS loader fails to provide a high-entropy source, aka "Windows Hyper-V Security↗2018-09-13

▶

📋Vendor Advisories

Microsoft

Windows Hyper-V Security Feature Bypass Vulnerability↗2018-09-11

▶