⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions.. Due date: 2022-07-21.

CVE-2018-8453Improper Resource Shutdown or Release in Microsoft Windows 10

CWE-404Improper Resource Shutdown or Release22 documents11 sources
Severity
7.8HIGHNVD
EPSS
81.3%
top 0.83%
CISA KEV
KEVRansomware
Added 2022-01-21
Due 2022-07-21
Exploit
Exploited in wild
Active exploitation observed
Affected products
11
Microsoft Windows 10Microsoft Windows 10 ServersMicrosoft Windows 7+8 more
Timeline
PublishedOct 10
KEV addedJan 21
Latest updateMay 13
KEV dueJul 21
CISA Required Action: Apply updates per vendor instructions.

Description

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages12 packages

CVEListV5microsoft/windows_server_20085 versions+4
CVEListV5microsoft/windows_server_2012(Server Core installation)
CVEListV5microsoft/windows_server_2008_r2Itanium-Based Systems Service Pack 1, x64-based Systems Service Pack 1, x64-based Systems Service Pack 1 (Server Core installation)+2
CVEListV5microsoft/windows_server_2012_r2(Server Core installation)
CVEListV5microsoft/windows_10_serversversion 1709 (Server Core Installation), version 1803 (Server Core Installation)+1

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

3
GHSA
GHSA-8587-44mr-xf6j: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation2022-05-13
CVEList
CVE-2018-8453: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation2018-10-10
VulnCheck
Microsoft Win32k Privilege Escalation Vulnerability2018

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit)2019-07-17

🔍Detection Rules

2
Suricata
ET MALWARE FruityArmor DNS Lookup (shelves-design .com)2018-10-10
Suricata
ET MALWARE FruityArmor DNS Lookup (weekendstrips .net)2018-10-10

📋Vendor Advisories

2
CISA
Microsoft Win32k Privilege Escalation Vulnerability2022-01-21
Microsoft
Win32k Elevation of Privilege Vulnerability2018-10-09

🕵️Threat Intelligence

7
Securelist
Sodin ransomware exploits Windows vulnerability and processor architecture2019-07-03
Securelist
Sodin ransomware exploits Windows vulnerability and processor architecture2019-07-03
Securelist
New zero-day vulnerability CVE-2019-0859 in win32k.sys2019-04-15
Trendmicro
Patch Tuesday Fixes Zero-Day Win32k Bug2018-11-14
Krebs
Patch Tuesday, October 2018 Edition2018-10-11
CVE-2018-8453 — Improper Resource Shutdown or Release | cvebase