Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2017-8720: Win32k Elevation of Privilege Vulnerability

Free InsightVM Trial No Credit Card Necessary

Watch Demo See how it all works

Back to Search

Microsoft CVE-2017-8720: Win32k Elevation of Privilege Vulnerability

Severity

CVSS

(AV:L/AC:L/Au:N/C:C/I:C/A:C)

Published

09/12/2017

Created

07/25/2018

Added

09/12/2017

Modified

11/18/2021

Description

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how Win32k handles objects in memory.

Solution(s)

msft-kb4038779-1070c9d0-e91b-4bc4-b7b9-a64dd8e76951
msft-kb4038779-1f7d6ab2-b81a-4f48-859a-706a9990c78c
msft-kb4038779-3de7a78a-5b97-4df7-8bf6-36ebe20d3c75
msft-kb4038779-530b9069-0208-4eef-add4-da2b473e9ef8
msft-kb4038779-bb0be51a-f352-4d5f-b522-7d85d6e18585
msft-kb4038779-fcccb9ba-857f-484e-83be-fd0685a31efb
msft-kb4038781-543bcc38-5dd5-4468-ba64-42b448b2f723
msft-kb4038781-723a8a89-df76-45ca-8a16-9801e28fd75b
msft-kb4038782-397ff69f-657f-4029-9329-b2c00bd6a6a8
msft-kb4038782-e895239d-88ad-4ac3-b68f-8abb6b489d19
msft-kb4038782-e8a8e193-de5d-413d-990a-76d355b5fb5e
msft-kb4038783-7e41eb51-d66a-484f-a0d0-391ac07541b4
msft-kb4038783-cd8e051c-b8c6-40df-871b-909087f49cd6
msft-kb4038786-2ac4d3a4-287f-4f33-bb61-b7b81245f55b
msft-kb4038786-6c356cec-ee0d-458a-9561-daba4b9d324a
msft-kb4038786-793b7e3e-090e-472e-b275-b520b5832a77
msft-kb4038788-c74d6456-695e-4f07-a9b9-35e07259012b
msft-kb4038788-da917577-591c-4e7d-8ff0-4ef45f3c203f
msft-kb4038793-8c3d7238-564c-4ed3-ae6f-e3d9881f6f5f
msft-kb4038793-9516efa8-6493-43de-979c-ebf2aa89aa69
msft-kb4038793-d97e9753-f904-44d9-87a2-35cbf248aef4
msft-kb4039384-01fdbbba-0a44-4250-947b-23500f80be96
msft-kb4039384-2ce7ed93-2244-43ed-afb7-f92c0122c5a8
msft-kb4039384-a616b2f4-a421-48cb-ab7c-eeb73f9ec042
msft-kb4039384-e2695aa7-d9ac-4fc4-b8c5-8dbb3c972a43

References

https://attackerkb.com/topics/cve-2017-8720
CVE - 2017-8720
4038777
4038779
4038781
4038782
4038783
4038786
4038788
4038792
4038793
4038799
4039384

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2017-8720: Win32k Elevation of Privilege Vulnerability

Microsoft CVE-2017-8720: Win32k Elevation of Privilege Vulnerability

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.