⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2018-8637

5 documents5 sources
Severity
5.5MEDIUM
EPSS
1.2%
top 21.07%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
4
Microsoft Windows 10Microsoft Windows 10 ServersMicrosoft Windows Server 2019+1 more
Timeline
PublishedDec 12
Latest updateMay 13

Description

An information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass, aka "Win32k Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10, Windows Server 2019.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

CVEListV5microsoft/windows_10_serversversion 1803 (Server Core Installation)
CVEListV5microsoft/windows_server_2019(Server Core installation)
CVEListV5microsoft/windows_106 versions+5
NVDmicrosoft/windows_101803, 1809+1

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

3
GHSA
GHSA-92c6-xg29-5j5f: An information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Addr2022-05-13
CVEList
CVE-2018-8637: An information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Addr2018-12-12
VulnCheck
Microsoft Win32k Information Disclosure Vulnerability2018

📋Vendor Advisories

1
Microsoft
Win32k Information Disclosure Vulnerability2018-12-11
CVE-2018-8637 (MEDIUM CVSS 5.5) | An information disclosure vulnerabi | cvebase.io