⚠ Actively exploited

Added to CISA KEV on 2022-05-23. Federal agencies required to patch by 2022-06-13. Required action: Apply updates per vendor instructions..

CVE-2018-8589 — Microsoft Windows 7 vulnerability

21 documents10 sources

Severity

7.8HIGHNVD

EPSS

50.4%

top 2.15%

CISA KEV

KEV

Added 2022-05-23

Due 2022-06-13

Exploit

Exploited in wild

Active exploitation observed

Affected products

Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2

Timeline

PublishedNov 14

KEV addedMay 23

KEV dueJun 13

CISA Required Action: Apply updates per vendor instructions.

Description

An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka "Windows Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5microsoft/windows_server_20085 versions+4

▶CVEListV5microsoft/windows_server_2008_r2Itanium-Based Systems Service Pack 1, x64-based Systems Service Pack 1, x64-based Systems Service Pack 1 (Server Core installation)+2

▶NVDmicrosoft/windowsr2

▶CVEListV5microsoft/windows_732-bit Systems Service Pack 1, x64-based Systems Service Pack 1+1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-67qx-v8w9-q5x5: An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k↗2022-05-13

▶

CVEList

CVE-2018-8589: An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k↗2018-11-14

▶

VulnCheck

Microsoft Win32k Privilege Escalation Vulnerability↗2018

▶

📋Vendor Advisories

CISA

Microsoft Win32k Privilege Escalation Vulnerability↗2022-05-23

▶

Microsoft

Windows Win32k Elevation of Privilege Vulnerability↗2018-11-13

▶

🕵️Threat Intelligence

Securelist

New zero-day vulnerability CVE-2019-0859 in win32k.sys↗2019-04-15

▶

Trendmicro

Patch Tuesday Fixes Zero-Day Win32k Bug↗2018-11-14

▶

Trendmicro

Patch Tuesday Fixes Zero-Day Win32k Bug↗2018-11-14

▶

Securelist

A new exploit for zero-day vulnerability CVE-2018-8589↗2018-11-14

▶

Trendmicro

Patch Tuesday Fixes Zero-Day Win32k Bug↗2018-11-14

▶