CVE-2018-8134

HIGH

Windows Kernel API - Elevation of Privilege via Permission Enforcement

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-8134. PoCs published by Google Security Research.

AI-analyzed exploit summary The exploit demonstrates a token trust SID access check bypass in Windows, allowing a non-admin process to elevate privileges by duplicating a protected process token and setting it as the primary token of a new process. This bypasses access checks for trust labels, such as those protecting critical system objects like \KnownDlls.

Description

An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textlocalwindows

https://www.exploit-db.com/exploits/44630

View Code ZIP pw:eip

The exploit demonstrates a token trust SID access check bypass in Windows, allowing a non-admin process to elevate privileges by duplicating a protected process token and setting it as the primary token of a new process. This bypasses access checks for trust labels, such as those protecting critical system objects like \KnownDlls.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Windows 10 1709 (and RS4 builds)

Auth required

Prerequisites: Ability to create a protected process (e.g., werfaultsecure.exe) · PROCESS_QUERY_LIMITED_INFORMATION access to the protected process · SeImpersonatePrivilege (for related impersonation issue)

MITRE ATT&CK

T1134 - Access Token Manipulation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1040849

Patch, Vendor Advisory x_refsource_confirm

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8134

Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/44630/

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/104041

Scores

CVSS v3 7.0

EPSS 0.0305

EPSS Percentile 85.8%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (12)

microsoft/windows_10

microsoft/windows_10 1607

microsoft/windows_10 1703

microsoft/windows_10 1709

microsoft/windows_10 1803

microsoft/windows_7

microsoft/windows_8.1

microsoft/windows_rt_8.1

microsoft/windows_server_2012 r2

microsoft/windows_server_2016

... and 2 more

Published May 09, 2018

Tracked Since Feb 18, 2026