CVE-2018-8120
Published: 09 May 2018
Summary
CVE-2018-8120 is a high-severity Improper Resource Shutdown or Release (CWE-404) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 7.0 (High).
Operationally, ranked in the top 0.1% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-16 (Memory Protection).
Deeper analysis
An elevation of privilege vulnerability exists in the Win32k component of Windows when it fails to properly handle objects in memory. The issue, tracked as CVE-2018-8120, affects Windows Server 2008, Windows 7, and Windows Server 2008 R2 and is distinct from the related issues CVE-2018-8124, CVE-2018-8164, and CVE-2018-8166. It carries a CVSS 3.1 base score of 7.0 reflecting local attack vector, high attack complexity, and low privileges required.
A local attacker with existing low-privileged access can exploit the flaw without user interaction to obtain elevated privileges, resulting in high impact to confidentiality, integrity, and availability on the affected system. The weakness is categorized under CWE-404.
Public proof-of-concept code for the vulnerability has been published, and Microsoft has released an advisory detailing the issue at its security guidance portal along with additional tracking entries on SecurityFocus and SecurityTracker.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2018-19796
Vulnerability details
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is…
more
unique from CVE-2018-8124, CVE-2018-8164, CVE-2018-8166.
- CWE(s)
- KEV Date Added
- 15 March 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires memory protection mechanisms that would block the Win32k improper object handling flaw used for local privilege escalation.
Enforces least privilege so a low-privileged local attacker cannot reach or exploit the kernel memory flaw to obtain elevated rights.
Mandates timely installation of the Microsoft patch that eliminates the Win32k memory-handling vulnerability before exploitation.