Published: 09/05/2018 Updated: 03/10/2019

CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4

CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1

VMScore: 616

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8120, CVE-2018-8164, CVE-2018-8166.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft windows 10 1607
microsoft windows 10 1709
microsoft windows 10 -
microsoft windows 10 1511
microsoft windows 10 1703
microsoft windows 10 1807
microsoft windows 7 -
microsoft windows 8.1 -
microsoft windows server 2008 -
microsoft windows server 2008 r2
microsoft windows server 2012 -
microsoft windows server 2012 r2
microsoft windows server 2016 1803
microsoft windows server 2016 -
microsoft windows server 2016 1709

It's 2018, and a webpage can still pwn your Windows PC – and apps can escape Hyper-V

The Register • Chris Williams, Editor in Chief • 09 May 2018

Scores of bugs, from Edge and Office to kernel code to Adobe Flash, need fixing ASAP

Patch Tuesday Microsoft and Adobe have patched a bunch of security bugs in their products that can be exploited by hackers to commandeer vulnerable computers, siphon people's personal information, and so on. Redmond emitted 68 patches alone, 21 rated critical and at least two being actively exploited in the wild. There are browser and kernel patches you should look into first, check out an Office 365 email filter bypass that isn't addressed, then Hyper-V if you're using that, and then the rest. ...

CVE-2018-8124

Vulnerability Summary

Recent Articles

References

Vulmon Search

About

Products

Connect