cbcvebase.
CVE-2018-8641
published 2018-12-12

Priority: P277 high
CVSS 3.0: 7.8
Vector: AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
ITW: VulnCheck KEV (exploited in the wild)
EPSS: 1.12% (62.0th percentile)

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8639.

Affected

60 ranges · showing 25

Vendor      Product              Ranges shown
microsoft   windows_10           20
microsoft   windows_10_servers   2
microsoft   windows_7            2
microsoft   windows_8.1          1

Detection & IOCs (extracted from sources)

  • Vulnerability resides in the Windows kernel-mode driver (Win32k) failing to properly handle objects in memory; monitor for specially crafted applications executed by a locally logged-on user that interact with Win32k kernel-mode objects.
  • Exploitation requires local logon followed by execution of a specially crafted application; hunt for low-privilege processes spawning kernel-mode interactions or unexpected privilege escalation to SYSTEM/kernel context.
  • Successful exploitation allows arbitrary code execution in kernel mode; alert on unexpected kernel-mode code execution originating from user-mode processes, new high-privilege account creation, or mass data access/deletion following a privilege escalation event.
  • Microsoft rates exploitation as 'More Likely' for both latest and older software releases; prioritize detection and patching on all affected Windows versions including Windows 7, 8.1, 10, Server 2008/2012/2016/2019.
  • The vulnerability affects a broad range of Windows versions; ensure patch applicability is verified per OS version before deploying the corresponding KB update.
  • This CVE is distinct from CVE-2018-8639, which is a separate Win32k EoP vulnerability patched in the same cycle; ensure both are tracked and remediated independently.

CVSS provenance

Source        Version   Score   Severity   Vector
nvd           v3.0      7.8     HIGH       CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd           v2.0      7.2     HIGH       AV:L/AC:L/Au:N/C:C/I:C/A:C
vulncheck               7.8     HIGH
vendor_msrc             7.0     HIGH