CVE-2018-8550
published 2018-11-14CVE-2018-8550: An elevation of privilege exists in Windows COM Aggregate Marshaler, aka "Windows COM Elevation of Privilege Vulnerability." This affects Windows 7, Windows…
PriorityP347high7.8CVSS 3.0
AVLACLPRLUINSUCHIHAH
EXPLOIT
EPSS
3.29%
87.0th percentile
An elevation of privilege exists in Windows COM Aggregate Marshaler, aka "Windows COM Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2012 | — | — |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2016 | — | — |
| msrc | windows_10 | — | — |
| msrc | windows_10_version_1607 | — | — |
| msrc | windows_10_version_1703 | — | — |
| msrc | windows_10_version_1709 | — | — |
| msrc | windows_10_version_1803 | — | — |
| msrc | windows_10_version_1809 | — | — |
| msrc | windows_7 | — | — |
| msrc | windows_8.1 | — | — |
| msrc | windows_rt_8.1 | — | — |
| msrc | windows_server_2008 | — | — |
| msrc | windows_server_2008_r2 | — | — |
| msrc | windows_server_2012 | — | — |
| msrc | windows_server_2012_r2 | — | — |
| msrc | windows_server_2016 | — | — |
| msrc | windows_server_2019 | — | — |
| msrc | windows_server_version_1709 | — | — |
CVSS provenance
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
vendor_msrc7.0HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Windows COM Elevation of Privilege Vulnerability
vendor_msrc·2018-11-13·CVSS 7.0
CVE-2018-8550 [HIGH] Windows COM Elevation of Privilege Vulnerability
Windows COM Elevation of Privilege Vulnerability
Description: An elevation of privilege exists in Windows COM Aggregate Marshaler. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.
To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and another elevation of privilege) that could take advantage of the elevated privileges when running.
The update addresses the vulnerability by correcting how Windows COM Marshaler processes interface requests.
Microsoft Windows: Mi
GHSA
GHSA-9g8w-9cx8-4wg9: An elevation of privilege exists in Windows COM Aggregate Marshaler, aka "Windows COM Elevation of Privilege Vulnerability
ghsa_unreviewed·2022-05-13
CVE-2018-8550 [HIGH] GHSA-9g8w-9cx8-4wg9: An elevation of privilege exists in Windows COM Aggregate Marshaler, aka "Windows COM Elevation of Privilege Vulnerability
An elevation of privilege exists in Windows COM Aggregate Marshaler, aka "Windows COM Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
No detection rules found.
Trendmicro
January Patch Tuesday Contains Fixes for DHCP
blogs_trendmicro·2019-01-09·CVSS 9.8
[CRITICAL] January Patch Tuesday Contains Fixes for DHCP
Sfruttamento vulnerabilità
## January Patch Tuesday Contains Fixes for DHCP
Microsoft starts off 2019 relatively smoothly with 49 security patches and two advisories — seven of these vulnerabilities were rated Critical and 40 were Important. Ten of these were disclosed through the Zero Day Initiative (ZDI) program.
By: Trend Micro Research Jan 09, 2019 Read time: ( words)
Save to Folio
In the last few months of 2018, Microsoft’s regular security releases included patches for vulnerabilities that were actively being exploited . Thankfully, 2019 started off relatively smoothly with 49 security patches and two advisories — seven of these vulnerabilities were rated Critical and 40 were Important. Ten of these were disclosed through the Zero Day Initiative (ZDI) program.
The most notable
Trendmicro
January Patch Tuesday Contains Fixes for DHCP
blogs_trendmicro·2019-01-09·CVSS 9.8
[CRITICAL] January Patch Tuesday Contains Fixes for DHCP
Exploits & Vulnerabilities
## January Patch Tuesday Contains Fixes for DHCP
Microsoft starts off 2019 relatively smoothly with 49 security patches and two advisories — seven of these vulnerabilities were rated Critical and 40 were Important. Ten of these were disclosed through the Zero Day Initiative (ZDI) program.
By: Trend Micro Research Jan 09, 2019 Read time: ( words)
Save to Folio
In the last few months of 2018, Microsoft’s regular security releases included patches for vulnerabilities that were actively being exploited . Thankfully, 2019 started off relatively smoothly with 49 security patches and two advisories — seven of these vulnerabilities were rated Critical and 40 were Important. Ten of these were disclosed through the Zero Day Initiative (ZDI) program.
The most notable
Trendmicro
January Patch Tuesday Contains Fixes for DHCP
blogs_trendmicro·2019-01-09·CVSS 9.8
[CRITICAL] January Patch Tuesday Contains Fixes for DHCP
Ausnutzung von Schwachstellen
## January Patch Tuesday Contains Fixes for DHCP
Microsoft starts off 2019 relatively smoothly with 49 security patches and two advisories — seven of these vulnerabilities were rated Critical and 40 were Important. Ten of these were disclosed through the Zero Day Initiative (ZDI) program.
By: Trend Micro Research Jan 09, 2019 Read time: ( words)
Save to Folio
In the last few months of 2018, Microsoft’s regular security releases included patches for vulnerabilities that were actively being exploited . Thankfully, 2019 started off relatively smoothly with 49 security patches and two advisories — seven of these vulnerabilities were rated Critical and 40 were Important. Ten of these were disclosed through the Zero Day Initiative (ZDI) program.
The most notab
Trendmicro
January Patch Tuesday Contains Fixes for DHCP
blogs_trendmicro·2019-01-09·CVSS 9.8
[CRITICAL] January Patch Tuesday Contains Fixes for DHCP
Exploits & Vulnerabilities
## January Patch Tuesday Contains Fixes for DHCP
Microsoft starts off 2019 relatively smoothly with 49 security patches and two advisories — seven of these vulnerabilities were rated Critical and 40 were Important. Ten of these were disclosed through the Zero Day Initiative (ZDI) program.
By: Trend Micro Research 2019/01/09 Read time: ( words)
Save to Folio
In the last few months of 2018, Microsoft’s regular security releases included patches for vulnerabilities that were actively being exploited . Thankfully, 2019 started off relatively smoothly with 49 security patches and two advisories — seven of these vulnerabilities were rated Critical and 40 were Important. Ten of these were disclosed through the Zero Day Initiative (ZDI) program.
The most notable of
Trendmicro
January Patch Tuesday Contains Fixes for DHCP
blogs_trendmicro·2019-01-09·CVSS 9.8
[CRITICAL] January Patch Tuesday Contains Fixes for DHCP
Exploits y vulnerabilidades
## January Patch Tuesday Contains Fixes for DHCP
Microsoft starts off 2019 relatively smoothly with 49 security patches and two advisories — seven of these vulnerabilities were rated Critical and 40 were Important. Ten of these were disclosed through the Zero Day Initiative (ZDI) program.
By: Trend Micro Research Jan 09, 2019 Read time: ( words)
Save to Folio
In the last few months of 2018, Microsoft’s regular security releases included patches for vulnerabilities that were actively being exploited . Thankfully, 2019 started off relatively smoothly with 49 security patches and two advisories — seven of these vulnerabilities were rated Critical and 40 were Important. Ten of these were disclosed through the Zero Day Initiative (ZDI) program.
The most notable
Trendmicro
January Patch Tuesday Contains Fixes for DHCP
blogs_trendmicro·2019-01-09·CVSS 9.8
[CRITICAL] January Patch Tuesday Contains Fixes for DHCP
Exploits & Vulnerabilities
# January Patch Tuesday Contains Fixes for DHCP
Microsoft starts off 2019 relatively smoothly with 49 security patches and two advisories — seven of these vulnerabilities were rated Critical and 40 were Important. Ten of these were disclosed through the Zero Day Initiative (ZDI) program.
By: Trend Micro Research
Jan 09, 2019
Read time: ( words)
Save to Folio
In the last few months of 2018, Microsoft’s regular security releases included patches for vulnerabilities that were actively being exploited. Thankfully, 2019 started off relatively smoothly with 49 security patches and two advisories — seven of these vulnerabilities were rated Critical and 40 were Important. Ten of these were disclosed through the Zero Day Initiative (ZDI) program.
The most notable o
Trendmicro
January Patch Tuesday Contains Fixes for DHCP
blogs_trendmicro·2019-01-09·CVSS 9.8
[CRITICAL] January Patch Tuesday Contains Fixes for DHCP
Exploits & Vulnerabilities
# January Patch Tuesday Contains Fixes for DHCP
Microsoft starts off 2019 relatively smoothly with 49 security patches and two advisories — seven of these vulnerabilities were rated Critical and 40 were Important. Ten of these were disclosed through the Zero Day Initiative (ZDI) program.
By: Trend Micro Research
2019/01/09
Read time: ( words)
Save to Folio
In the last few months of 2018, Microsoft’s regular security releases included patches for vulnerabilities that were actively being exploited. Thankfully, 2019 started off relatively smoothly with 49 security patches and two advisories — seven of these vulnerabilities were rated Critical and 40 were Important. Ten of these were disclosed through the Zero Day Initiative (ZDI) program.
The most notable of
http://www.securityfocus.com/bid/105805http://www.securitytracker.com/id/1042139https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8550https://www.exploit-db.com/exploits/45893/http://www.securityfocus.com/bid/105805http://www.securitytracker.com/id/1042139https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8550https://www.exploit-db.com/exploits/45893/
2018-11-14
Published