PT-2018-18470 · Microsoft · Windows Server 2016+11
Bear13Oy
·
Published
2018-05-08
·
Updated
2019-10-03
·
CVE-2018-8167
CVSS v3.1
7.0
High
| Vector | AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Windows 7
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016
Windows 8.1
Windows RT 8.1
Windows 10
Windows 10 Servers
Description
An elevation of privilege issue exists due to the improper handling of objects in memory by the Windows Common Log File System (CLFS) driver. This allows attackers to affect the system.
Recommendations
For Windows 7, apply the necessary patch to fix the issue.
For Windows Server 2008, apply the necessary patch to fix the issue.
For Windows Server 2008 R2, apply the necessary patch to fix the issue.
For Windows Server 2012, apply the necessary patch to fix the issue.
For Windows Server 2012 R2, apply the necessary patch to fix the issue.
For Windows Server 2016, apply the necessary patch to fix the issue.
For Windows 8.1, apply the necessary patch to fix the issue.
For Windows RT 8.1, apply the necessary patch to fix the issue.
For Windows 10, apply the necessary patch to fix the issue.
For Windows 10 Servers, apply the necessary patch to fix the issue.
Fix
LPE
Improper Resource Release
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Windows
Windows 10
Windows 10 Servers
Windows 7
Windows 8.1
Windows Common Log File System Driver
Windows Rt 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016