7.8
CVE-2018-8589
- EPSS 4.11%
- Published 14.11.2018 01:29:02
- Last modified 04.04.2025 15:32:36
- Source secure@microsoft.com
- Teams watchlist Login
- Open Login
An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka "Windows Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2.
Data is provided by the National Vulnerability Database (NVD)
Microsoft ≫ Windows Server 2008 Version- Updatesp2
Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformitanium
Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformx64
23.05.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
Microsoft Win32k Privilege Escalation Vulnerability
VulnerabilityA privilege escalation vulnerability exists when Windows improperly handles calls to Win32k.sys. An attacker who successfully exploited this vulnerability could run remote code in the security context of the local system.
DescriptionApply updates per vendor instructions.
Required actionsType | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 4.11% | 0.882 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|