Exposures › CVE-2018-8639
CVE-2018-8639
A local, authenticated privilege escalation flaw in Windows Win32k allowed attackers to run arbitrary kernel-mode code, leading to ransomware outbreaks.
This vulnerability required local authentication but still enabled arbitrary kernel-mode code execution, a severe breach of trust for any organization running Windows. DIBs must ensure all Windows systems are patched against this KEV-listed flaw to prevent ransomware entry and privilege escalation. The failure highlights the risk of relying on local authentication as a security boundary when a kernel-mode exploit exists.
Shame score — A critical, actively exploited vulnerability in a foundational OS component that enabled ransomware attacks, demonstrating severe negligence in patch management and system hardening.
Players implicated
Description
Microsoft Windows Win32k contains an improper resource shutdown or release vulnerability that allows for local, authenticated privilege escalation. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
Affected FedRAMP products 4 in the catalog
| Product | Provider | Status | Match |
|---|---|---|---|
| Azure Commercial Cloud | Microsoft | Authorized | vendor-exact · 0.90 |
| Azure Government (includes Dynamics 365) | Microsoft | Authorized | vendor-exact · 0.90 |
| Microsoft Office 365 GCC High | Microsoft | In Process | vendor-exact · 0.90 |
| Office 365 Multi-Tenant & Supporting Services | Microsoft | Authorized | vendor-exact · 0.90 |