Main Vulnerability Database SB2018111330

SB2018111330 - Elevation of privilege in Microsoft Windows 10 and Windows Server 2019

Published: November 13, 2018

Security Bulletin ID SB2018111330

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Physical access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2018-8592)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect permissions were set during installation of Microsoft Windows 10 version 1809 and Windows Server 2019 when installed from physical media (USB, DVD, etc.) with the "keep nothing" option selected during the installation.

A local attacker with physical access to the system can execute arbitrary code with elevated privileges.

Remediation

Install update from vendor's website.

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8592