Main Vulnerability Database Vulnerabilities #VU15877

Cryptographic issues in Windows and Windows Server - CVE-2018-8549

Published: November 14, 2018

Vulnerability identifier: #VU15877

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-8549

CWE-ID: CWE-310

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Microsoft

Affected software:
Windows
Windows Server

Detailed vulnerability description

The vulnerability allows an attacker to bypass certain security restrictions.

The vulnerability exists in the way Windows validates kernel driver signatures. An attacker with ability to pass a driver file with a forged signature onto the system can gain elevated privileges.

How to mitigate CVE-2018-8549

Install updates from vendor's website.

Sources

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8549

Cryptographic issues in Windows and Windows Server - CVE-2018-8549

Detailed vulnerability description

How to mitigate CVE-2018-8549

Sources

Please verify you're human