Privilege escalation in Diagnostic Hub Standard Collector for Microsoft Windows

Published: 2018-08-14 23:53:10
Severity Low
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2018-0952
CVSSv3 7.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CWE ID CWE-264
Exploitation vector Local
Public exploit N/A
Vulnerable software Windows
Windows Server
Visual Studio
Vulnerable software versions Windows 10
Windows Server 2016
Visual Studio 2015 Update 3
Visual Studio 2017
Visual Studio 2017 Version 15.8
Vendor URL Microsoft

Security Advisory

1) Privilege escalation

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to Diagnostics Hub Standard Collector allows to create files in arbitrary locations. A local attacker can run a specially crafted application and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0952

Back to List