CVE-2017-8493

MEDIUM

Microsoft - Privilege Escalation

Title source: llm

Description

Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to set variables that are either read-only or require authentication when Windows fails to enforce case sensitivity for certain variable checks, aka "Windows Security Feature Bypass Vulnerability".

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/98850

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1038671

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8493

Scores

CVSS v3 5.5

EPSS 0.0053

EPSS Percentile 67.0%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-178

Status published

Products (9)

microsoft/windows_10

microsoft/windows_8.1

microsoft/windows_rt_8.1

microsoft/windows_server_2012

microsoft/windows_server_2016

Microsoft Corporation/Microsoft Windows < Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1

Published Jun 15, 2017

Tracked Since Feb 18, 2026