Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2018-0894: Windows Kernel Information Disclosure Vulnerability

Free InsightVM Trial No Credit Card Necessary

Watch Demo See how it all works

Back to Search

Microsoft CVE-2018-0894: Windows Kernel Information Disclosure Vulnerability

Severity

CVSS

(AV:L/AC:M/Au:N/C:P/I:N/A:N)

Published

03/13/2018

Created

07/25/2018

Added

03/13/2018

Modified

11/18/2021

Description

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses.

Solution(s)

msft-kb4088776-2c72e703-9c4c-4146-9e32-cc4386b2cfb2
msft-kb4088776-3b3e0295-642a-4b7d-84b7-c6b5e83f5ca2
msft-kb4088776-786afab9-c31a-475e-8a16-67957d2e609d
msft-kb4088779-48dd1136-48ee-44c7-a573-868521eccff4
msft-kb4088779-c19a8868-ac70-44b1-9b6f-2d4dc02cf9ba
msft-kb4088782-4c26f4d6-719a-484d-b39e-e05f7b8f92b0
msft-kb4088782-f6e16c94-5afc-4df9-9970-2d4ca233b263
msft-kb4088786-beebacd8-b2b4-4dd0-94b4-9e3d6252b7f0
msft-kb4088786-d8280f8b-2c0a-4543-99a8-8e72f83c84dd
msft-kb4088787-5dc25e3e-31b9-4ac7-b1b7-a62a9821390d
msft-kb4088787-b28a900c-61a0-4362-8df4-e1ecc7caa389
msft-kb4088787-c4fe9ff8-acd4-405b-91b5-334daf81ae00
msft-kb4088878-3eccb222-8147-418c-b824-32e3963b52c1
msft-kb4088878-54e97a4a-39f4-4bb4-bec4-c20626c69b4f
msft-kb4088878-89e27e55-1e9f-401f-b425-a336c4de339b
msft-kb4088878-b6298521-2c71-4d80-a936-4488236eb2ab
msft-kb4088878-ce7acebc-806a-4eee-b8b5-49b0519d888a
msft-kb4088878-db255014-1ec8-426a-ab12-20e28bec0d24
msft-kb4088879-913c1d08-eb63-4b74-aeff-a476d1fbaa2c
msft-kb4088879-beb98ea4-03f7-4d8c-a14c-1283b674e7b5
msft-kb4088879-ebcd1310-7b09-4c4a-9782-1b7e7c242dfd
msft-kb4088880-289ecc78-2b4d-450f-9497-0eb70a22c752
msft-kb4088880-4af681cd-8e85-46e0-810c-ef55910f3037
msft-kb4088880-885d494a-b0e4-442b-8540-30de0cf6feba
msft-kb4089229-03dd8e9f-1d8b-4c95-b534-425a61b6ebf3
msft-kb4089229-8bb46f6d-6caf-41ae-b816-80fc77fe7ba0
msft-kb4089229-ea1320f7-a598-484c-8c45-f1b0c3d796eb

References

https://attackerkb.com/topics/cve-2018-0894
CVE - 2018-0894
4088776
4088779
4088782
4088786
4088787
4088875
4088876
4088877
4088878
4088879
4088880
4089229

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2018-0894: Windows Kernel Information Disclosure Vulnerability

Microsoft CVE-2018-0894: Windows Kernel Information Disclosure Vulnerability

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.