Cyber Resilience

CVE-2018-8453

High · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC · Ransomware-linked

Published: 10 October 2018

Modified: 28 October 2025
KEV Added: 21 January 2022
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.8133 (99.2th percentile)
Risk Priority: 84 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2018-8453 is a high-severity vulnerability of unspecified weakness type in Microsoft Windows Server 2008. Its CVSS base score is 7.8 (High).

Operationally, it ranks in the top 0.8% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

The vulnerability CVE-2018-8453 is an elevation of privilege issue in the Win32k component of Windows that arises when it fails to properly handle objects in memory. It impacts a wide range of Windows versions including Windows 7, Windows 10, Windows Server 2016, Windows Server 2019, and others.

An attacker can exploit this locally with no prior privileges, although some user interaction is needed, to achieve full elevation of privileges, with complete impact on the confidentiality, integrity, and availability of the affected system.

Microsoft has published guidance for the issue through its security advisory. Reports indicate that the vulnerability has been used in targeted attacks.

EU & UK References

Vulnerability details

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

CWE(s)
KEV Date Added: 21 January 2022

Related Threats

Threat-Actor Attribution (AI)

Lazarus Group (G0032), aka APT38
Kaspersky reported Lazarus Group exploiting CVE-2018-8453 in targeted attacks (securelist.com/cve-2018-8453-used-in-targeted-attack).

Affected Assets

microsoft windows 10 1507: all versions
microsoft windows 10 1607: all versions
microsoft windows 10 1703: all versions
microsoft windows 10 1709: all versions
microsoft windows 10 1803: all versions
microsoft windows 10 1809: all versions
microsoft windows 7: all versions
microsoft windows 8.1: all versions
microsoft windows rt 8.1: all versions
microsoft windows server 1709: all versions
+5 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: Directly requires timely installation of the vendor patch that eliminates the Win32k memory-handling flaw before exploitation can succeed.

Prevent: Mandates memory-protection safeguards that would block the unauthorized object manipulation Win32k performs during the EoP attack.

Prevent: Enforces least-privilege execution so that even a successful local Win32k exploit cannot immediately obtain full system control.

References