Privilege escalation in Windows Subsystem for Linux

Published: 2018-01-04 11:58:02
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
CVE ID: CVE-2018-0743
CVSSv3: 7.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CWE ID: CWE-190
Exploitation vector: Local
Public exploit: Not available
Vulnerable software: Windows, Windows Server
Vulnerable software versions: Windows 10, Windows Server 2016
Vendor URL: Microsoft

Security Advisory

1) Integer overflow

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an integer overflow in Windows Subsystem for Linux. A local user can execute a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.

Remediation

Install updates from the vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0743
