CVE-2018-8637
published 2018-12-12

CVE-2018-8637: An information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space…

Priority P276 · medium · 5.5 CVSS 3.0
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
ITW · VulnCheck KEV · Exploited in the wild
EPSS 1.85% (76.4th percentile)
An information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass, aka "Win32k Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10, Windows Server 2019.

Affected

19 ranges
Vendor | Product | Version range | Fixed in
microsoft | windows_10
microsoft | windows_10
microsoft | windows_10
microsoft | windows_10
microsoft | windows_10
microsoft | windows_10
microsoft | windows_10
microsoft | windows_10
microsoft | windows_10_servers
microsoft | windows_server_2016
microsoft | windows_server_2019
msrc | windows_10_version_1803_for_32-bit_systems
msrc | windows_10_version_1803_for_arm64-based_systems
msrc | windows_10_version_1803_for_x64-based_systems
msrc | windows_10_version_1809_for_32-bit_systems
msrc | windows_10_version_1809_for_arm64-based_systems
msrc | windows_10_version_1809_for_x64-based_systems
msrc | windows_server_2019
msrc | windows_server_version_1803

Detection & IOCs (extracted from sources)

  • Vulnerability requires local logon and execution of a specially crafted application; monitor for suspicious user-mode processes attempting kernel memory reads or KASLR bypass techniques on Windows 10 / Windows Server 2019 systems.
  • The disclosed information type is kernel memory read — unintentional read access to memory contents in kernel space from a user-mode process; detection should focus on anomalous user-mode to kernel-space memory address leakage patterns.
  • Affected component is Win32k (Windows Kernel); audit Win32k-related system calls and kernel object handle operations on unpatched Windows 10 / Windows Server 2019 hosts.
  • Exploitation assessed as 'More Likely' for both latest and older software releases, but no public exploit or in-the-wild exploitation was confirmed at time of disclosure; prioritise patching accordingly.
  • Affected platforms are limited to Windows 10, Windows 10 Servers, and Windows Server 2019; patches are delivered via KB4471324 and KB4471332.

CVSS provenance

nvd | v3.0 | 5.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd | v2.0 | 2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N
vulncheck | 5.5 | MEDIUM
vendor_msrc | 4.7 | MEDIUM