Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2017-8581: Win32k Elevation of Privilege Vulnerability

Free InsightVM Trial No Credit Card Necessary

Watch Demo See how it all works

Back to Search

Microsoft CVE-2017-8581: Win32k Elevation of Privilege Vulnerability

Severity

CVSS

(AV:L/AC:H/Au:N/C:P/I:P/A:P)

Published

07/11/2017

Created

07/25/2018

Added

07/11/2017

Modified

11/18/2021

Description

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.

Solution(s)

msft-kb4025333-2884a1b4-f534-42b7-b4e9-6b07e48912f2
msft-kb4025333-9787a4fc-d69c-4bf5-92bf-7ee510368696
msft-kb4025333-a8091733-a526-4480-afe7-72a1b3385439
msft-kb4025337-27fce932-7817-4fdb-965f-19eb36d78839
msft-kb4025337-6c36dd1f-0240-48fa-9696-3fcf17a57a62
msft-kb4025337-794feee1-ea78-4c11-a683-a91335abb0e3
msft-kb4025337-856a0bc5-b356-4282-a54e-9cf87b548303
msft-kb4025337-85fadee5-ed6f-4a22-964a-9b2991c4cff1
msft-kb4025337-c15b95d8-875f-4922-9460-08ece3c9b584
msft-kb4025338-56ce2a02-e893-484d-8005-0fc74468cc84
msft-kb4025338-db3c2241-b6c1-4a6d-83b4-93b1ce46434b
msft-kb4025339-84c1a786-79d4-4d94-9a75-fc900083816f
msft-kb4025339-a44d500f-fc5d-4fe4-90cb-991568e9cb58
msft-kb4025339-d6677d54-ce7a-4774-a696-84de34eff033
msft-kb4025342-25acae93-40d4-4e62-814c-efb2f29f1bca
msft-kb4025342-682dbdab-6814-494b-84d5-8fb43c070c35
msft-kb4025343-3a348a0c-2982-4ee6-b51b-6e4644a6c888
msft-kb4025343-733ef1e8-2bb5-4f7e-ae77-70a3fd4f05c6
msft-kb4025343-878d370a-a48a-4f91-b0fc-a0dfd69e30ab
msft-kb4025344-747ff6a4-ff7b-4405-af04-2a85d1a6f6ad
msft-kb4025344-b43ab510-8532-4035-a512-0bdf731245e9
msft-kb4025877-0be0568b-3a50-4c8c-aec5-2563f2656a3b
msft-kb4025877-39ccb800-9139-42c3-8baf-3d901f2357b6
msft-kb4025877-39fd575f-2abb-4660-83c1-c210489c79d0
msft-kb4025877-b7e59e89-48b2-4f33-8684-337abf78ac77

References

https://attackerkb.com/topics/cve-2017-8581
CVE - 2017-8581
4025331
4025333
4025336
4025337
4025338
4025339
4025341
4025342
4025343
4025344
4025877

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2017-8581: Win32k Elevation of Privilege Vulnerability

Microsoft CVE-2017-8581: Win32k Elevation of Privilege Vulnerability

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.