Denial of service in Connected User Experiences and Telemetry Service

Published: 2018-12-11 22:44:52
Severity Low
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2018-8612
CVSSv3 4.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CWE ID CWE-20
Exploitation vector Local
Public exploit N/A
Vulnerable software Windows Server
Windows
Vulnerable software versions Windows Server 2016
Windows Server 2019
Windows Server 1709
Windows Server 1803
Windows 10 1607
Windows 10 1703
Windows 10 1709
Windows 10 1803
Windows 10 1809
Vendor URL Microsoft

Security Advisory

1) Input validation error

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of values passed to certain functions within the Connected User Experiences and Telemetry Service. A local user can perform a denial of service attack.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8612

Back to List