Privilege escalation in Windows kernel

Published: 2018-12-11 21:08:57 | Updated: 2018-12-13
Severity Medium
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2018-8611
CVSSv3 8.4 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CWE ID CWE-362
Exploitation vector Local
Public exploit This vulnerability is being exploited in the wild.
Vulnerable software Windows
Windows Server
Vulnerable software versions Windows 8.1
Windows 7
Windows 10

Show more

Windows Server 2012
Windows Server 2012 R2
Windows Server 2008

Show more

Vendor URL Microsoft

Security Advisory

UPDATED: 13.12.2018
Changed vulnerability description and CWE-ID.

1) Race condition

Description

The vulnerability allows a local user to execute arbitrary code with elevated privileges.

The vulnerability exists due to a race condition within the Kernel Transaction Manager driver (ntoskrnl.exe) when processing transacted file operations in kernel mode. A local user can create a specially program, and run arbitrary code on the system n kernel mode.

Note: the vulnerability is being exploited in the wild.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8611

Back to List