PT-2018-1583 · Microsoft · Windows Server 2016+9
James Forshaw
+1
·
Published
2018-09-11
·
Updated
2019-10-03
·
CVE-2018-8410
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Windows 7
Windows Server 2012 R2
Windows RT 8.1
Windows Server 2012
Windows 8.1
Windows Server 2016
Windows Server 2008 R2
Windows 10
Windows 10 Servers
Description
The issue arises from the Windows Kernel API improperly handling registry objects in memory. This can lead to an elevation of privilege, potentially allowing an attacker to gain increased privileges on the system using a specially crafted application.
Recommendations
For Windows 7, update to a newer version to mitigate the risk.
For Windows Server 2012 R2, update to a newer version to mitigate the risk.
For Windows RT 8.1, update to a newer version to mitigate the risk.
For Windows Server 2012, update to a newer version to mitigate the risk.
For Windows 8.1, update to a newer version to mitigate the risk.
For Windows Server 2016, update to a newer version to mitigate the risk.
For Windows Server 2008 R2, update to a newer version to mitigate the risk.
For Windows 10, update to a newer version to mitigate the risk.
For Windows 10 Servers, update to a newer version to mitigate the risk.
Exploit
Fix
LPE
Buffer Overflow
Improper Resource Release
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Windows
Windows 10
Windows 10 Servers
Windows 7
Windows 8.1
Windows Rt 8.1
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016