PT-2018-2028 · Microsoft · Windows 10 Servers+3
Alex Ionescu
·
Published
2018-12-11
·
Updated
2020-08-24
·
CVE-2018-8637
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Windows 10 versions prior to the fixed version
Windows Server 2019 versions prior to the fixed version
Windows 10 Servers versions prior to the fixed version
Description
The issue is related to insecure privilege management in the Windows kernel, allowing an attacker to disclose protected information using a specially crafted application. This could potentially lead to a Kernel Address Space Layout Randomization (KASLR) bypass.
Recommendations
For Windows 10, update to a version that includes the fix for this issue.
For Windows Server 2019, apply the necessary patch or update to a version that includes the fix for this issue.
For Windows 10 Servers, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to sensitive system information until a patch is available.
Fix
Buffer Overflow
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Windows
Windows 10
Windows 10 Servers
Windows Server 2019