CVE-2018-8589: An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka "Windows Win32k Elevation of Privilege Vulnerability."…

high7.8CVSS 3.1

AVLACLPRLUINSUCHIHAH

KEVITW

CISA Known Exploited Vulnerabilitydue 2022-06-13

Exploited in the wild

An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka "Windows Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2.

Affected

18 ranges

Vendor	Product	Version range	Fixed in
microsoft	windows_7	—	—
microsoft	windows_7	—	—
microsoft	windows_server_2008	—	—
microsoft	windows_server_2008	—	—
microsoft	windows_server_2008	—	—
microsoft	windows_server_2008	—	—
microsoft	windows_server_2008	—	—
microsoft	windows_server_2008	—	—
microsoft	windows_server_2008_r2	—	—
microsoft	windows_server_2008_r2	—	—
microsoft	windows_server_2008_r2	—	—
msrc	windows_7_for_32-bit_systems_service_pack_1	—	—
msrc	windows_7_for_x64-based_systems_service_pack_1	—	—
msrc	windows_server_2008_for_32-bit_systems_service_pack_2	—	—
msrc	windows_server_2008_for_itanium-based_systems_service_pack_2	—	—
msrc	windows_server_2008_for_x64-based_systems_service_pack_2	—	—
msrc	windows_server_2008_r2_for_itanium-based_systems_service_pack_1	—	—
msrc	windows_server_2008_r2_for_x64-based_systems_service_pack_1	—	—

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

vulncheck7.8HIGH

cisa7.8HIGH