Exposures › CVE-2018-8639

CVE-2018-8639

Severity
critical · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2025-03-03
Reference
⚡ RCE ⌖ exploited in the wild shame 85/100 ransomwarerceexploited-in-wildunpatchedprivilege-escalationnegligence

A local, authenticated privilege escalation flaw in Windows Win32k allowed attackers to run arbitrary kernel-mode code, leading to ransomware outbreaks.

This vulnerability required local authentication but still enabled arbitrary kernel-mode code execution, a severe breach of trust for any organization running Windows. DIBs must ensure all Windows systems are patched against this KEV-listed flaw to prevent ransomware entry and privilege escalation. The failure highlights the risk of relying on local authentication as a security boundary when a kernel-mode exploit exists.

Shame score — A critical, actively exploited vulnerability in a foundational OS component that enabled ransomware attacks, demonstrating severe negligence in patch management and system hardening.

Players implicated

Description

Microsoft Windows Win32k contains an improper resource shutdown or release vulnerability that allows for local, authenticated privilege escalation. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

Affected FedRAMP products 4 in the catalog

ProductProviderStatusMatch
Azure Commercial Cloud Microsoft Authorized vendor-exact · 0.90
Azure Government (includes Dynamics 365) Microsoft Authorized vendor-exact · 0.90
Microsoft Office 365 GCC High Microsoft In Process vendor-exact · 0.90
Office 365 Multi-Tenant & Supporting Services Microsoft Authorized vendor-exact · 0.90