Privilege escalation in Diagnostics Hub Standard Collector Service

Published: 2018-12-11 22:47:18
Severity Low
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2018-8599
CVSSv3 8.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CWE ID CWE-264
Exploitation vector Network
Public exploit N/A
Vulnerable software Windows
Windows Server
Vulnerable software versions Windows 10
Windows 10 1607
Windows 10 1703

Show more

Windows Server 2016
Windows Server 2019
Windows Server 1709
Windows Server 1803
Vendor URL Microsoft

Security Advisory

1) Privilege escalation

Description

The vulnerability allows a remote attacker to gain elevated privileges.

The weakness exists due to an error when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations. A remote attacker can gain elevated privileges.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8599

Back to List