Vulnerability Details : CVE-2018-0826
Windows Storage Services in Windows 10 versions 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Storage Services Elevation of Privilege Vulnerability".
Vulnerability category: Gain privilege
Products affected by CVE-2018-0826
- cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-0826
0.26%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 64 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-0826
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.4
|
MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:P |
3.4
|
6.4
|
NIST | |
7.0
|
HIGH | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.0
|
5.9
|
NIST |
References for CVE-2018-0826
-
http://www.securitytracker.com/id/1040379
Windows AppContainer, Named Pipe File System, and Storage Services Flaws Let Local Users Gain Elevated Privileges - SecurityTrackerThird Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/102944
Microsoft Windows CVE-2018-0826 Local Privilege Escalation VulnerabilityThird Party Advisory;VDB Entry
-
https://www.exploit-db.com/exploits/44152/
Microsoft Windows - StorSvc SvcMoveFileInheritSecurity Arbitrary File Creation Privilege EscalationExploit;Third Party Advisory;VDB Entry
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0826
CVE-2018-0826 | Windows Storage Services Elevation of Privilege VulnerabilityPatch;Vendor Advisory
Jump to