PT-2018-9122 · Microsoft · Desktop Bridge+4

James Forshaw

Published

2018-03-13

Updated

2022-05-23

CVE-2018-0882

CVSS v3.1

7.0

High

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Windows 10 versions 1607 through 1709 Windows Server 2016 Windows Server, version 1709

Description: The issue is related to how the virtual registry is managed in the Desktop Bridge, allowing an elevation of privilege. This could potentially allow attackers to affect the system.

Recommendations: For Windows 10 versions 1607 through 1709, consider restricting access to the virtual registry until a patch is available. For Windows Server 2016 and Windows Server, version 1709, restrict access to the Desktop Bridge to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2018-0882

Affected Products

Desktop Bridge

Windows

Windows 10

Windows Server

Windows Server 2016

PT-2018-9122 · Microsoft · Desktop Bridge+4

CVE-2018-0882

Related Identifiers

Affected Products

References · 8