Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2017-8675: Win32k Elevation of Privilege Vulnerability

Free InsightVM Trial No Credit Card Necessary

Watch Demo See how it all works

Back to Search

Microsoft CVE-2017-8675: Win32k Elevation of Privilege Vulnerability

Severity

CVSS

(AV:L/AC:M/Au:N/C:C/I:C/A:C)

Published

09/12/2017

Created

07/25/2018

Added

09/12/2017

Modified

11/18/2021

Description

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.

Solution(s)

msft-kb4038779-1070c9d0-e91b-4bc4-b7b9-a64dd8e76951
msft-kb4038779-1f7d6ab2-b81a-4f48-859a-706a9990c78c
msft-kb4038779-3de7a78a-5b97-4df7-8bf6-36ebe20d3c75
msft-kb4038779-530b9069-0208-4eef-add4-da2b473e9ef8
msft-kb4038779-bb0be51a-f352-4d5f-b522-7d85d6e18585
msft-kb4038779-fcccb9ba-857f-484e-83be-fd0685a31efb
msft-kb4038781-543bcc38-5dd5-4468-ba64-42b448b2f723
msft-kb4038781-723a8a89-df76-45ca-8a16-9801e28fd75b
msft-kb4038782-397ff69f-657f-4029-9329-b2c00bd6a6a8
msft-kb4038782-e895239d-88ad-4ac3-b68f-8abb6b489d19
msft-kb4038782-e8a8e193-de5d-413d-990a-76d355b5fb5e
msft-kb4038783-7e41eb51-d66a-484f-a0d0-391ac07541b4
msft-kb4038783-cd8e051c-b8c6-40df-871b-909087f49cd6
msft-kb4038786-2ac4d3a4-287f-4f33-bb61-b7b81245f55b
msft-kb4038786-6c356cec-ee0d-458a-9561-daba4b9d324a
msft-kb4038786-793b7e3e-090e-472e-b275-b520b5832a77
msft-kb4038788-c74d6456-695e-4f07-a9b9-35e07259012b
msft-kb4038788-da917577-591c-4e7d-8ff0-4ef45f3c203f
msft-kb4038793-8c3d7238-564c-4ed3-ae6f-e3d9881f6f5f
msft-kb4038793-9516efa8-6493-43de-979c-ebf2aa89aa69
msft-kb4038793-d97e9753-f904-44d9-87a2-35cbf248aef4
msft-kb4039384-01fdbbba-0a44-4250-947b-23500f80be96
msft-kb4039384-2ce7ed93-2244-43ed-afb7-f92c0122c5a8
msft-kb4039384-a616b2f4-a421-48cb-ab7c-eeb73f9ec042
msft-kb4039384-e2695aa7-d9ac-4fc4-b8c5-8dbb3c972a43

References

https://attackerkb.com/topics/cve-2017-8675
CVE - 2017-8675
4038777
4038779
4038781
4038782
4038783
4038786
4038788
4038792
4038793
4038799
4039384

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2017-8675: Win32k Elevation of Privilege Vulnerability

Microsoft CVE-2017-8675: Win32k Elevation of Privilege Vulnerability

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.