Privilege escalation in Microsoft Windows Kernel API

Published: 2018-06-12 22:41:26
Severity Low
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2018-0982
CVSSv3 6.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CWE ID CWE-264
Exploitation vector Local
Public exploit Not available
Vulnerable software Windows
Windows Server
Vulnerable software versions Windows 10
Windows Server 2016
Vendor URL Microsoft

Security Advisory

1) Privilege escalation

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to an error when the Windows Kernel API enforces permissions. A local attacker can run a specially crafted application, gain system privileges and impersonate processes, interject cross-process communication, or interrupt system functionality.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0982

Back to List