PT-2018-1812 · Microsoft · Windows Server 2019+2

Published

2018-11-13

Updated

2019-10-03

CVE-2018-8592

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Windows 10 version 1809 Windows Server 2019

Description The issue is related to errors in the installation procedure of the Windows operating system from physical media, such as USB or DVD. Exploitation of this issue may allow an attacker to elevate their privileges using the "keep nothing" option during the installation process. This affects Windows 10 and Windows Server 2019.

Recommendations For Windows 10 version 1809, consider applying the necessary security updates to resolve the issue. For Windows Server 2019, apply the relevant security patches to fix the vulnerability. As a temporary workaround, restrict the use of physical media for installation and consider alternative installation methods until a patch is available.

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

BDU:2018-01412

CVE-2018-8592

Affected Products

Windows

Windows 10

Windows Server 2019

PT-2018-1812 · Microsoft · Windows Server 2019+2

CVE-2018-8592

Weakness Enumeration

Related Identifiers

Affected Products

References · 10