CVE-2018-0824
Published: 09 May 2018
Summary
CVE-2018-0824 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 8.8 (High).
Operationally, it ranks in the top 0.3% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
A remote code execution vulnerability tracked as CVE-2018-0824 exists in Microsoft COM for Windows due to improper handling of serialized objects. The flaw is associated with CWE-502 and affects multiple Windows releases, specifically Windows 7, Windows 8.1, Windows RT 8.1, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016.
An unauthenticated remote attacker can trigger the issue over a network connection. The attack requires user interaction and can result in arbitrary code execution with high impact to confidentiality, integrity, and availability, consistent with the CVSS 3.1 base score of 8.8.
Microsoft's security advisory supplies patch information and mitigation guidance for supported versions of the affected operating systems. Public exploit code for the vulnerability has been published.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2018-1629
Vulnerability details
A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
- CWE(s): CWE-502 (Deserialization of Untrusted Data)
- KEV Date Added: 05 August 2024
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): Directly requires applying the vendor patches Microsoft released for CVE-2018-0824 to eliminate the deserialization flaw in COM.
- SI-10 (Information Input Validation): Enforces validation and sanitization of untrusted serialized objects before COM deserializes them, directly blocking the CWE-502 vector.
- Malicious code protection: Deploys malicious-code detection mechanisms that can recognize and block the arbitrary code payloads delivered via the COM RCE exploit.