7.2
CVSSv2

CVE-2018-8453

Published: 10/10/2018 Updated: 03/10/2019
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 773
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft windows 10 -

microsoft windows 10 1607

microsoft windows 10 1703

microsoft windows 10 1709

microsoft windows 10 1803

microsoft windows 10 1809

microsoft windows 7 -

microsoft windows 8.1

microsoft windows rt 8.1 -

microsoft windows server 2008 -

microsoft windows server 2008 r2

microsoft windows server 2012 -

microsoft windows server 2012 r2

microsoft windows server 2016 -

microsoft windows server 2016 1709

microsoft windows server 2016 1803

microsoft windows server 2019 -

Exploits

## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Local Rank = ManualRanking include Msf::Post::File include Msf::Exploit::EXE include Msf::Post::Windows::Priv include Msf::Exploit::FileDropper def initial ...

Mailing Lists

An elevation of privilege vulnerability exists in Microsoft Windows when the Win32k component fails to properly handle objects in memory This affects Windows 7, Windows Server 2012 R2, Windows RT 81, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 81, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Serv ...

Metasploit Modules

Windows NtUserSetWindowFNID Win32k User Callback

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This module is tested against Windows 10 v1703 x86.

msf > use exploit/windows/local/cve_2018_8453_win32k_priv_esc
msf exploit(cve_2018_8453_win32k_priv_esc) > show targets
    ...targets...
msf exploit(cve_2018_8453_win32k_priv_esc) > set TARGET < target-id >
msf exploit(cve_2018_8453_win32k_priv_esc) > show options
    ...show and set options...
msf exploit(cve_2018_8453_win32k_priv_esc) > exploit

Github Repositories

cve-2018-8453 exp

cve-2018-8453-exp cve-2018-8453 exp 本程序为cve-2018-8453的利用程序。 开发\测试平台:x86: windows 10 rs2 15063 x64: windos 10 rs2 16299 附: 使用Palette来读写内核 严重声明: 本工具仅用于技术研究学习。非法使用造成一切后果,均与本人无关。

cve-2018-8453 exp

cve-2018-8453-exp cve-2018-8453 exp 本程序为cve-2018-8453的利用程序。 漏洞本身存在于win7及以后版本 但注意: 只有在win81及以后版本中才能利用!故本EXP只可用于WIN81及以后版本。 开发\测试平台:windows 10 rs2 1506 附: 使用Palette来读写内核

windows-kernel-exploits 简介 windows-kernel-exploits 漏洞列表 #Security Bulletin   #KB     #Description    #Operating System   CVE-2019-0803 [An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory] (Windows 7/8/10/2008/2012/2016/2019) CVE-2

windows-kernel-exploits 简介 windows-kernel-exploits 漏洞列表 #Security Bulletin   #KB     #Description    #Operating System   CVE-2018-8639 [An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory] (Windows 7/8/10/2008/2012/2016) CVE-2018-1

windows-kernel-exploits 简介 windows-kernel-exploits 漏洞列表 #Security Bulletin   #KB     #Description    #Operating System   CVE-2020-0787 [Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability] (Windows 7/8/10, 2008/2012/2016/2019) CVE-2020-0796 [A remote code execution vulnera

Windows各种exp

windows-kernel-exploits 简介 windows-kernel-exploits 漏洞列表 #Security Bulletin   #KB     #Description    #Operating System   CVE-2018-8639 [An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory] (Windows 7/8/10/2008/2012/2016) CVE-2018-1

windows-kernel-exploits 简介 windows-kernel-exploits 漏洞列表 #Security Bulletin   #KB     #Description    #Operating System   CVE-2019-0803 [An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory] (Windows 7/8/10/2008/2012/2016/2019) CVE-2

windows-kernel-exploits 简介 windows-kernel-exploits 漏洞列表 #Security Bulletin   #KB     #Description    #Operating System   CVE-2018-8639 [An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory] (Windows 7/8/10/2008/2012/2016) CVE-2018-1

windows-kernel-exploits Windows平台提权漏洞集合

windows-kernel-exploits 简介 windows-kernel-exploits 漏洞列表 #Security Bulletin   #KB     #Description    #Operating System   CVE-2018-8639 [An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory] (Windows 7/8/10/2008/2012/2016) CVE-2018-1

Windows各种exp

windows-kernel-exploits 简介 windows-kernel-exploits 漏洞列表 #Security Bulletin   #KB     #Description    #Operating System   CVE-2018-8639 [An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory] (Windows 7/8/10/2008/2012/2016) CVE-2018-1

windows-kernel-exploits 简介 windows-kernel-exploits 漏洞列表 #Security Bulletin   #KB     #Description    #Operating System   CVE-2019-0803 [An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory] (Windows 7/8/10/2008/2012/2016/2019) CVE-2

windows-kernel-exploits 简介 windows-kernel-exploits 漏洞列表 #Security Bulletin   #KB     #Description    #Operating System   CVE-2019-0803 [An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory] (Windows 7/8/10/2008/2012/2016/2019) CVE-2

windows-kernel-exploits 简介 windows-kernel-exploits 漏洞列表 #Security Bulletin   #KB     #Description    #Operating System   CVE-2019-0803 [An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory] (Windows 7/8/10/2008/2012/2016/2019) CVE-2

Resources for Windows exploit development

Advanced Windows exploit development resources Some resources, links, books, and papers related to mostly Windows Internals and anything Windows kernel related Mostly talks and videos that I enjoyed watching These are all resources that I have personally used and gone through Really important resources terminus project React OS Win32k Geoff Chappell - Kernel-Mode Windows HE

Advanced Windows exploit development resources Some resources, links, books, and papers related to mostly Windows Internals and anything Windows kernel related Mostly talks and videos that I enjoyed watching These are all resources that I have personally used and gone through Really important resources terminus project React OS Win32k Geoff Chappell - Kernel-Mode Windows HE

windows-kernel-exploits Windows平台提权漏洞集合

windows-kernel-exploits 简介 windows-kernel-exploits 漏洞列表 #Security Bulletin   #KB     #Description    #Operating System   CVE-2020-0787 [Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability] (Windows 7/8/10, 2008/2012/2016/2019) CVE-2020-0796 [A remote code execution vulnera

windows kernel security development

awesome-windows-kernel-security-development powershell githubcom/rootclay/Powershell-Attack-Guide pe file format githubcom/corkami/pics asm ide githubcom/ThomasJaeger/VisualMASM githubcom/Dman95/SASM githubcom/mrfearless/UASM-with-RadASM meltdown/spectre poc githubcom/turbo/KPTI-PoC-Collection githubcom/gkain

windows-kernel-exploits 简介 windows-kernel-exploits 漏洞列表 #Security Bulletin   #KB     #Description    #Operating System   CVE-2020-0787 [Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability] (Windows 7/8/10, 2008/2012/2016/2019) CVE-2020-0796 [A remote code execution vulnera

windows-kernel-exploits 简介 windows-kernel-exploits 漏洞列表 #Security Bulletin   #KB     #Description    #Operating System   CVE-2020-0787 [Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability] (Windows 7/8/10, 2008/2012/2016/2019) CVE-2020-0796 [A remote code execution vulnera

https://github.com/SecWiki/windows-kernel-exploits

windows-kernel-exploits 简介 windows-kernel-exploits 漏洞列表 #Security Bulletin   #KB     #Description    #Operating System   CVE-2020-0787 [Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability] (Windows 7/8/10, 2008/2012/2016/2019) CVE-2020-0796 [A remote code execution vulnera

Exploit Advanced Windows exploit development resources Really important resources terminus project React OS Win32k Geoff Chappell - Kernel-Mode Windows HEVD Vulnerable driver FLARE Kernel Shellcode Loader Vergilius - Undocumented kernel structures Windows X86-64 System Call Table Vulnerable Driver Megathread Windows Rootkits Talks / video recordings 11 part playlist - Rootk

Fully based on Advanced Windows exploitation. Kernel driver exploitation, browser exploitation, heap spraying etc....

Advanced Windows exploit development resources Some resources, links, books, and papers related to mostly Windows Internals and anything Windows kernel related Mostly talks and videos that I enjoyed watching Really important resources terminus project React OS Win32k Geoff Chappell - Kernel-Mode Windows HEVD Vulnerable driver FLARE Kernel Shellcode Loader Vergilius - Undocum

windows 提权漏洞利用合集,利用脚本都已经生成可执行文件,附带编译环境,演示GIF图,漏洞详细信息

Welcome to Kernelhub 请使用者遵守 中华人民共和国网络安全法,勿将项目用于非授权的测试,项目开发者不负任何连带法律责任。 前言 目前还在收集当中,有几个CVE并没有找到可以利用的源码或者脚本 还有各位大佬的项目地址我也没写文档,后面总结好会在每个CVE下面标明

2019年天融信阿尔法实验室在微信公众号发布的所有安全资讯汇总

欢迎关注天融信阿尔法实验室微信公众号 20191231 [技术] 使用IDA从零开始学逆向, Part27 mediumcom/p/5fa5c173547c 36C3 CTF Writeups bananamafiadev/post/36c3ctf/ 再探同形文字攻击 alephsecuritycom/2019/12/29/revised-homograph-attacks/ 对1个Dell SonicWALL虚拟办公室的登录界面进行Password Spraying攻击

PoC in GitHub 2020 CVE-2020-0014 It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable This could lead to a local escalation of privilege with no additional execution privileges needed User action is needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Android-10Android ID: A-1286745

PoC in GitHub 2020 CVE-2020-0014 (2020-02-13) It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable This could lead to a local escalation of privilege with no additional execution privileges needed User action is needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Android-10Android

PoC auto collect from GitHub.

PoC in GitHub 2020 CVE-2020-0022 In reassemble_and_dispatch of packet_fragmentercc, there is possible out of bounds write due to an incorrect bounds calculation This could lead to remote code execution over Bluetooth with no additional execution privileges needed User interaction is not needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Andr

Recent Articles

Sodinokibi Ransomware Exploits Windows Bug to Elevate Privileges
BleepingComputer • Ionut Ilascu • 04 Jul 2019

The Sodinokibi ransomware is looking to increase its privileges on a victim machine by exploiting a vulnerability in the Win32k component present on Windows 7 through 10 and Server editions.
The file-encrypting malware
 in April when it started to exploit a
.
Sodinokibi, a.k.a. REvil, also exploits CVE-2018-8453, security researchers found, a vulnerability discovered and reported by Kaspersky, that Microsoft 
 in October 2018.
Kaspersky uses the name Sodi...

Sodin ransomware exploits Windows vulnerability and processor architecture
Securelist • Orkhan Mamedov Artur Pakulov Fedor Sinitsyn • 03 Jul 2019

When Sodin (also known as Sodinokibi and REvil) appeared in the first half of 2019, it immediately caught our attention for distributing itself through an Oracle Weblogic vulnerability and carrying out attacks on MSP providers. In a detailed analysis, we discovered that it also exploits the CVE-2018-8453 vulnerability to elevate privileges in Windows (rare among ransomware), and uses legitimate processor functions to circumvent security solutions.
According to our statistics, most victims ...

Windows Zero-Day Emerges in Active Exploits
Threatpost • Tara Seals • 16 Apr 2019

A just-patched vulnerability in the Windows operating system that was previously unknown up until last week is being actively exploited in the wild; it opens the door for full system takeover.
Discovered by Vasily Berdnikov and Boris Larin of Kaspersky Lab on St. Patrick’s Day this year, the flaw (CVE-2019-0859) is a use-after-free issue in the Windows kernel that allows local privilege escalation (LPE). It’s being used in advanced persistent threat (APT) campaigns, the researchers sai...

Zero-day in Windows Kernel Transaction Manager (CVE-2018-8611)
Securelist • Boris Larin Vladislav Stolyarov Anton Ivanov • 12 Dec 2018

In October 2018, our AEP (Automatic Exploit Prevention) systems detected an attempt to exploit a vulnerability in the Microsoft Windows operating system. Further analysis led us to uncover a zero-day vulnerability in ntoskrnl.exe. We reported it to Microsoft on October 29, 2018. The company confirmed the vulnerability and assigned it CVE-2018-8611. Microsoft just released a patch, part of its December update, crediting Kaspersky Lab researchers Boris Larin (Oct0xor) and Igor Soumenkov (2igosha) ...

Kaspersky Security Bulletin 2018. Top security stories
Securelist • David Emm Victor Chebyshev • 03 Dec 2018

The internet is now woven into the fabric of our lives. Many people routinely bank, shop and socialize online and the internet is the lifeblood of commercial organizations. The dependence on technology of governments, businesses and consumers provides a broad attack surface for attackers with all kinds of motives – financial theft, theft of data, disruption, damage, reputational damage or simply ‘for the lulz’. The result is a threat landscape that ranges from highly sophisticated targeted...

Microsoft Patches Windows Zero-Day Exploited in Cyber Attacks
BleepingComputer • Ionut Ilascu • 14 Nov 2018

A zero-day vulnerability in certain editions of Windows operating system helped at least one advanced threat group increase their privileges on compromised machines until Microsoft patched it with this month's release of security updates.
The zero-day bug affects both 32- and 64-bit Windows 7 and Server 2008 systems; it stems from improper handling of calls to Win32k.sys. Properly exploited, the glitch allows an attacker to install programs, view or alter data, or create new user accounts ...

Zero-day exploit (CVE-2018-8453) used in targeted attacks
Securelist • AMR • 10 Oct 2018

Yesterday, Microsoft published their security bulletin, which patches CVE-2018-8453, among others. It is a vulnerability in win32k.sys discovered by Kaspersky Lab in August. We reported this vulnerability to Microsoft on August 17, 2018. Microsoft confirmed the vulnerability and designated it CVE-2018-8453.

In August 2018 our Automatic Exploit Prevention (AEP) systems detected an attempt to exploit a vulnerability in Microsoft Windows operating system. Further analysis into this cas...

It's October 2018, and Microsoft Exchange can be pwned by a plucky eight-year-old... bug
The Register • Shaun Nichols in San Francisco • 09 Oct 2018

Redmond goes retro in latest Patch Tuesday bundle

Microsoft has released the October edition of its monthly security update, addressing a total of 49 CVE-listed bugs.
Among the 49 fixes were three issues that have already been publicly disclosed and a fourth that was being targeted in the wild. On top of that, a remote code execution bug in Exchange Server is the resurfacing of a vulnerability first found in 2010.
CVE-2010-3190 is a remote code execution bug created by insecure handling of DLL files in applications made with Microso...

Researchers use ‘fingerprints’ to track Windows exploit developers
BleepingComputer • Sergiu Gatlan • 01 Jan 1970

Researchers can now find the developer of a specific Windows exploit using a new "fingerprinting" technique specifically devised to keep track of exploit developers' activity.
More to the point, Check Point security researchers Itay Cohen and Eyal Itkin were able to track 16 Windows Kernel Local Privilege Escalation (LPE) exploits to two different exploit developers known as Volodya (or BuggiCorp) and PlayBit (or luxor2008).
15 of the exploits Check Point successfully matched to a...