Cyber Resilience

CVE-2018-8589

High · CISA KEV · Active Exploitation · EUVD Exploited

Published: 14 November 2018

Modified: 28 October 2025
KEV Added: 23 May 2022
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.5044 (97.9th percentile)
Risk Priority: 66 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2018-8589 is a high-severity vulnerability, with an unspecified weakness class, in Microsoft Windows Server 2008. Its CVSS base score is 7.8 (High).

Operationally, it ranks in the top 2.1% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-3 (Access Enforcement).

Deeper analysis

An elevation of privilege vulnerability exists in Windows when the operating system improperly handles calls to the Win32k.sys kernel-mode driver. The issue, tracked as CVE-2018-8589, affects Windows 7, Windows Server 2008, and Windows Server 2008 R2. It received a CVSS v3.1 base score of 7.8, reflecting a local attack vector, low attack complexity, and low privileges required.

A local attacker with a low-privileged account can exploit the flaw to elevate privileges on an affected system, resulting in full control over confidentiality, integrity, and availability of the target. No user interaction is required for successful exploitation.

Microsoft has published an advisory for CVE-2018-8589 at the listed portal URL, along with related tracking entries on SecurityFocus and SecurityTracker. No information on real-world exploitation or additional context is provided in the supplied references.

EU & UK References

Vulnerability details

An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka "Windows Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2.

CWE(s)
KEV Date Added: 23 May 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft · windows 7 · all versions
microsoft · windows server 2008 · all versions, r2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent: Directly requires timely installation of the vendor patch that eliminates the Win32k.sys EoP flaw before exploitation.

prevent: Limits the initial privilege level an attacker can obtain, thereby reducing the value of successful exploitation of the local EoP.

prevent: Enforces kernel-level access decisions that the vulnerable Win32k.sys call path is intended to uphold but fails to enforce.

References