CVE-2018-0826

HIGH

Windows Storage Services - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-0826. PoCs published by Google Security Research.

AI-analyzed exploit summary The exploit leverages a TOCTOU (Time-of-Check to Time-of-Use) race condition in the StorSvc SvcMoveFileInheritSecurity RPC method to achieve arbitrary file creation and elevation of privilege. By manipulating file permissions and using an oplock, the attacker can redirect a file move operation to an arbitrary location while running at SYSTEM.

Description

Windows Storage Services in Windows 10 versions 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Storage Services Elevation of Privilege Vulnerability".

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textlocalwindows

https://www.exploit-db.com/exploits/44152

View Code ZIP pw:eip

The exploit leverages a TOCTOU (Time-of-Check to Time-of-Use) race condition in the StorSvc SvcMoveFileInheritSecurity RPC method to achieve arbitrary file creation and elevation of privilege. By manipulating file permissions and using an oplock, the attacker can redirect a file move operation to an arbitrary location while running at SYSTEM.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Racy

Target: Windows 10 1709

Auth required

Prerequisites: Access to a user account on the target system · Ability to compile and execute the C++ PoC

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1211 - Exploitation for Defense Evasion

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/44152/

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/102944

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1040379

Patch, Vendor Advisory x_refsource_confirm

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0826

Scores

CVSS v3 7.0

EPSS 0.0323

EPSS Percentile 86.6%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (6)

microsoft/windows_10 1511

microsoft/windows_10 1607

microsoft/windows_10 1703

microsoft/windows_10 1709

microsoft/windows_server_2016

microsoft/windows_server_2016 1709

Published Feb 15, 2018

Tracked Since Feb 18, 2026