CVE-2018-0828

HIGH

Microsoft Windows 10 - Insufficiently Protected Credentials

Title source: rule

Description

Windows 10 version 1607 and Windows Server 2016 allow an elevation of privilege vulnerability due to how the MultiPoint management account password is stored, aka "Windows Elevation of Privilege Vulnerability".

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/102935

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1040373

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0828

Scores

CVSS v3 7.8

EPSS 0.0100

EPSS Percentile 76.7%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-522

Status published

Affected Products (2)

microsoft/windows_10

microsoft/windows_server_2016

Timeline

Published Feb 15, 2018

Tracked Since Feb 18, 2026