CVE-2018-8589
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka "Windows Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Microsoft | Windows Server 2008 | 32-bit Systems Service Pack 2 | affected |
| Microsoft | Windows Server 2008 | 32-bit Systems Service Pack 2 (Server Core installation) | affected |
| Microsoft | Windows Server 2008 | Itanium-Based Systems Service Pack 2 | affected |
| Microsoft | Windows Server 2008 | x64-based Systems Service Pack 2 | affected |
| Microsoft | Windows Server 2008 | x64-based Systems Service Pack 2 (Server Core installation) | affected |
| Microsoft | Windows 7 | 32-bit Systems Service Pack 1 | affected |
| Microsoft | Windows 7 | x64-based Systems Service Pack 1 | affected |
| Microsoft | Windows Server 2008 R2 | Itanium-Based Systems Service Pack 1 | affected |
| Microsoft | Windows Server 2008 R2 | x64-based Systems Service Pack 1 | affected |
| Microsoft | Windows Server 2008 R2 | x64-based Systems Service Pack 1 (Server Core installation) | affected |
Weaknesses
- Elevation of Privilege
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/105796
- http://www.securitytracker.com/id/1042140
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8589
CISA ADP Vulnrichment
- SSVC:
- Exploitation: active
- Automatable: no
- Technical Impact: total
Additional References
References
- http://www.securityfocus.com/bid/105796
- http://www.securitytracker.com/id/1042140
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8589
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.