CVE-2018-8637
Published 2018-12-12
CVE-2018-8637: An information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space…
Priority: P276 · medium · 5.5 (CVSS 3.0)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
ITW: VulnCheck KEV (exploited in the wild)
EPSS: 1.85% (76.4th percentile)
An information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass, aka "Win32k Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10, Windows Server 2019.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10_servers | — | — |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2019 | — | — |
| msrc | windows_10_version_1803_for_32-bit_systems | — | — |
| msrc | windows_10_version_1803_for_arm64-based_systems | — | — |
| msrc | windows_10_version_1803_for_x64-based_systems | — | — |
| msrc | windows_10_version_1809_for_32-bit_systems | — | — |
| msrc | windows_10_version_1809_for_arm64-based_systems | — | — |
| msrc | windows_10_version_1809_for_x64-based_systems | — | — |
| msrc | windows_server_2019 | — | — |
| msrc | windows_server_version_1803 | — | — |
Detection & IOCs (extracted from sources)
- Vulnerability requires local logon and execution of a specially crafted application; monitor for suspicious user-mode processes attempting kernel memory reads or KASLR bypass techniques on Windows 10 / Windows Server 2019 systems.
- The disclosed information type is kernel memory read: unintentional read access to memory contents in kernel space from a user-mode process; detection should focus on anomalous user-mode to kernel-space memory address leakage patterns.
- Affected component is Win32k (Windows Kernel); audit Win32k-related system calls and kernel object handle operations on unpatched Windows 10 / Windows Server 2019 hosts.
- Exploitation assessed as 'More Likely' for both latest and older software releases, but no public exploit or in-the-wild exploitation was confirmed at time of disclosure; prioritise patching accordingly.
- Affected platforms are limited to Windows 10, Windows 10 Servers, and Windows Server 2019; patches are delivered via KB4471324 and KB4471332.
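CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
| vulncheck | — | 5.5 | MEDIUM | — |
| vendor_msrc | — | 4.7 | MEDIUM | — |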
Microsoft
Win32k Information Disclosure Vulnerability
vendor_msrc·2018-12-11·CVSS 4.7
CVE-2018-8637 [MEDIUM] Win32k Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel object.
To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.
The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses.
FAQ: What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is kernel memory.
GHSA
GHSA-92c6-xg29-5j5f: An information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Addr
ghsa_unreviewed·2022-05-13
CVE-2018-8637 [MEDIUM] GHSA-92c6-xg29-5j5f: An information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Addr
An information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass, aka "Win32k Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10, Windows Server 2019.
VulnCheck
Microsoft Win32k Information Disclosure Vulnerability
vulncheck·2018·CVSS 5.5
CVE-2018-8637 [MEDIUM] Microsoft Win32k Information Disclosure Vulnerability
An information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass, aka "Win32k Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10, Windows Server 2019.
Affected: Microsoft Windows
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.tenable.com/blog/daisy-chaining-how-vulnerabilities-can-be-greater-than-the-sum-of-their-parts
No detection rules found.
No public exploits indexed.