CVE-2018-8639
Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability
CVSS
—
Sin CVSS
EPSS
22.3%
p97
KEV
SÍ
3 mar 2025
Exploit Today
79
0-100
Publicado: — · Última mod.: —
Producto
Microsoft / Windows
Vulnerabilidad
Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability
Añadido a KEV
3 mar 2025
Remediar antes de
24 mar 2025
Uso conocido en ransomware
Sí
Descripción resumida
Microsoft Windows Win32k contains an improper resource shutdown or release vulnerability that allows for local, authenticated privilege escalation. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
Acción requerida
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notas
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2018-8639 ; https://nvd.nist.gov/vuln/detail/CVE-2018-8639