Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2018-8313: Windows Elevation of Privilege Vulnerability

Free InsightVM Trial No Credit Card Necessary
Watch Demo See how it all works
Back to Search

Microsoft CVE-2018-8313: Windows Elevation of Privilege Vulnerability

Severity
7
CVSS
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published
07/10/2018
Created
07/25/2018
Added
07/10/2018
Modified
11/18/2021

Description

An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process communication, or interrupt system functionality. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly enforces permissions.

Solution(s)

  • msft-kb4338814-1d730105-0adc-48b0-b97e-f99e48b0bc43
  • msft-kb4338814-3e8fbcc4-12ae-46d7-a550-98b36cf04be3
  • msft-kb4338814-c0b5b4ea-e32b-4bd3-8f5a-5d20c0d60b6c
  • msft-kb4338819-08527cb0-be58-4d15-8f32-45fb469e1e20
  • msft-kb4338819-9876f789-b78e-461c-aede-5719fef65c90
  • msft-kb4338819-a4a592f3-8cbf-465f-a51a-63e0e57ec72b
  • msft-kb4338820-42ded291-a440-4b4d-9efd-877384896802
  • msft-kb4338820-756f2788-66ec-4732-ab6d-10a889a37d64
  • msft-kb4338820-e053fade-ae8f-4e1b-a113-c319625bc13c
  • msft-kb4338824-007ce1f3-3a12-40ef-8389-322068b780a7
  • msft-kb4338824-4f051f3f-abd6-4d6d-8fbe-c78051dfe500
  • msft-kb4338824-5d49efb1-0497-4625-9504-474fceca16d8
  • msft-kb4338825-0839cfd6-8d2d-4902-86f9-c500c8c2012e
  • msft-kb4338825-b4d83549-b9d9-476e-a185-2cbcac3e6da5
  • msft-kb4338825-f09a0bc7-6651-458a-9781-7fc2aa78f77a
  • msft-kb4338826-5631f856-d323-46c6-9315-6009b1e15264
  • msft-kb4338826-68816a0f-47c2-40da-b3cd-f46bc468546e
  • msft-kb4338829-65462f35-2ae0-49e0-8271-65ae301cb886
  • msft-kb4338829-b156d204-e2b4-4f8a-baba-c2501be2b4c2

References

View more

insightVM

Advanced vulnerability management analytics and reporting.
Key Features
Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;