PT-2018-1646 · Microsoft · Windows 10 Servers+4

Niels Ferguson

Published

2018-09-11

Updated

2019-10-03

CVE-2018-8435

CVSS v2.0

5.4

Medium

Vector

AV:N/AC:H/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions Windows Server 2016 Windows 10 Windows 10 Servers

Description A security feature bypass issue exists due to the Windows Hyper-V BIOS loader's failure to provide a high-entropy source. This allows a remote attacker to bypass built-in security restrictions.

Recommendations For Windows Server 2016, Windows 10, and Windows 10 Servers, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-331CWE-269

Related Identifiers

BDU:2018-01205

CVE-2018-8435

Affected Products

Windows

Windows 10

Windows 10 Servers

Windows Hyper-V

Windows Server 2016

PT-2018-1646 · Microsoft · Windows 10 Servers+4

CVE-2018-8435

Weakness Enumeration

Related Identifiers

Affected Products

References · 8