#VU9843 Privilege escalation in Windows and Windows Server - CVE-2018-0749
Published: January 3, 2018 / Updated: January 4, 2018
Vulnerability identifier: #VU9843
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-0749
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Windows
Windows Server
Windows
Windows Server
Software vendor:
Microsoft
Microsoft
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an unspecified error in Windows SMB Server, which allows a local user to bypass certain security checks in the operating system while trying to obtain apecially crafted file over the SMB protocol on the same machine. Successful exploitation of the vulnerability may allow an attacker to escalate privileges on the affected system.
The vulnerability exists due to an unspecified error in Windows SMB Server, which allows a local user to bypass certain security checks in the operating system while trying to obtain apecially crafted file over the SMB protocol on the same machine. Successful exploitation of the vulnerability may allow an attacker to escalate privileges on the affected system.
Remediation
Install updates from vendor's website.