Main Vulnerability Database Vulnerabilities #VU14400

Privilege escalation in Windows and Windows Server - CVE-2018-8347

Published: August 14, 2018 / Updated: August 14, 2018

Vulnerability identifier: #VU14400

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-8347

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Microsoft

Affected software:
Windows
Windows Server

Detailed vulnerability description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists Microsoft Windows due to an error when the Windows kernel fails to properly handle parsing of certain symbolic links. A local attacker can run a specially crafted application to potentially access privileged registry keys and thereby elevate permissions.

How to mitigate CVE-2018-8347

Install updates from vendor's website.

Sources

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8347

Privilege escalation in Windows and Windows Server - CVE-2018-8347

Detailed vulnerability description

How to mitigate CVE-2018-8347

Sources

Please verify you're human