Cyber Resilience

CVE-2018-8120

HighCISA KEVActive ExploitationEUVD ExploitedPublic PoCRansomware-linked

Published: 09 May 2018

Published
09 May 2018
Modified
28 October 2025
KEV Added
15 March 2022
Patch
CVSS Score v3.1 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.9416 99.9th percentile
Risk Priority 90 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2018-8120 is a high-severity Improper Resource Shutdown or Release (CWE-404) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 7.0 (High).

Operationally, ranked in the top 0.1% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-16 (Memory Protection).

Deeper analysis

An elevation of privilege vulnerability exists in the Win32k component of Windows when it fails to properly handle objects in memory. The issue, tracked as CVE-2018-8120, affects Windows Server 2008, Windows 7, and Windows Server 2008 R2 and is distinct from the related issues CVE-2018-8124, CVE-2018-8164, and CVE-2018-8166. It carries a CVSS 3.1 base score of 7.0 reflecting local attack vector, high attack complexity, and low privileges required.

A local attacker with existing low-privileged access can exploit the flaw without user interaction to obtain elevated privileges, resulting in high impact to confidentiality, integrity, and availability on the affected system. The weakness is categorized under CWE-404.

Public proof-of-concept code for the vulnerability has been published, and Microsoft has released an advisory detailing the issue at its security guidance portal along with additional tracking entries on SecurityFocus and SecurityTracker.

EU & UK References

Vulnerability details

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is…

more

unique from CVE-2018-8124, CVE-2018-8164, CVE-2018-8166.

CWE(s)
KEV Date Added
15 March 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft
windows 7
all versions
microsoft
windows server 2008
all versions, r2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires memory protection mechanisms that would block the Win32k improper object handling flaw used for local privilege escalation.

prevent

Enforces least privilege so a low-privileged local attacker cannot reach or exploit the kernel memory flaw to obtain elevated rights.

prevent

Mandates timely installation of the Microsoft patch that eliminates the Win32k memory-handling vulnerability before exploitation.

References