Multiple vulnerabilities in Microsoft Windows kernel
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2018-8649 CVE-2018-8641 CVE-2018-8639 CVE-2018-8637 CVE-2018-8622 CVE-2018-8621 CVE-2018-8477 |
| CWE-ID | CWE-119 CWE-125 |
| Exploitation vector | Local |
| Public exploit | Vulnerability #3 is being exploited in the wild. |
| Vulnerable software Subscribe |
Windows Operating systems & Components / Operating system Windows Server Operating systems & Components / Operating system |
| Vendor | Microsoft |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU16463
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-8649
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform denial of service (DoS) attack.
The vulnerability exists due to a boundary error n Windows kernel. A local unprivileged user can cause the Windows kernel to crash.
Install updates from vendor's website.
Vulnerable software versionsWindows: 10 1809 10.0.17763.1
Windows Server: 2019 10.0.17763.1
External linkshttp://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8649
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU16464
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-8641
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code with escalated privileges.
The vulnerability exists due to a boundary error in Windows kernel-mode driver win32k.sys. A local user can use a specially crafted application to execute arbitrary code with SYSTEM privileges.
Install updates from vendor's website.
Vulnerable software versionsWindows: 7 - 10 1809 10.0.17763.1
Windows Server: 2008 - 2019 1803
External linkshttp://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8641
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Memory corruption
EUVDB-ID: #VU16465
Risk: Low
CVSSv3.1: 8.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2018-8639
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain elevated privileges on the target system.
The vulnerability exists due to a boundary error in Windows kernel-mode driver win32k.sys. A local user can use a specially crafted application to execute arbitrary code with SYSTEM privileges. MitigationInstall updates from vendor's website.
Vulnerable software versionsWindows: 7 - 10 1809 10.0.17763.1
Windows Server: 2008 - 2019 1803
External linkshttp://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8639
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
4) Out-of-bounds read
EUVDB-ID: #VU16466
Risk: Low
CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-8637
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition Windows kernel. A local user can run a specially crafted application to read contests from kernel memory and use the information to bypass Kernel Address Space Layout Randomization (KASLR) protection.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWindows: 10 1803 10.0.17134.48 - 10 1809 10.0.17763.1
Windows Server: 2019 10.0.17763.1 - 2019 1803
External linkshttp://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8637
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Out-of-bounds read
EUVDB-ID: #VU16467
Risk: Low
CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-8622
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Windows kernel. A local user can read contents of kernel memory.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWindows: 7 - 8.1 RT
Windows Server: 2008 - 2012 R2
External linkshttp://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8622
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Out-of-bounds read
EUVDB-ID: #VU16468
Risk: Low
CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-8621
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Windows kernel. A local user can read contents of kernel memory.
Install updates from vendor's website.
Vulnerable software versionsWindows Server: 2008 R2 - 2012
Windows: 7
External linkshttp://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8621
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Out-of-bounds read
EUVDB-ID: #VU16469
Risk: Low
CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-8477
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Windows kernel. A local user can read contents of kernel memory.
Install updates from vendor's website.
Vulnerable software versionsWindows: 7 - 10 1809 10.0.17763.1
Windows Server: 2008 - 2019 1803
External linkshttp://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8477
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
