CVE-2018-8406
HIGH KEV RANSOMWAREWindows 10 and Windows Server - Elevation of Privilege via DirectX Graphics Kernel Memory Handling
Title source: llmExploitation Summary
CVE-2018-8406 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 28, 2022, with confirmed use in ransomware campaigns.
Description
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8401, CVE-2018-8405.
References (4)
Core 4
Core References
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-8406
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/105012
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1041461
Patch, Vendor Advisory x_refsource_confirm
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8406
Scores
CVSS v3
7.8
EPSS
0.0344
EPSS Percentile
87.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2022-03-28
VulnCheck KEV
2019-02-19
InTheWild.io
2022-03-28
ENISA EUVD
EUVD-2018-20044
Ransomware Use
Confirmed
CWE
CWE-404
Status
published
Products (8)
microsoft/windows_10_1507
(2 CPE variants)
microsoft/windows_10_1607
(2 CPE variants)
microsoft/windows_10_1703
(2 CPE variants)
microsoft/windows_10_1709
(2 CPE variants)
microsoft/windows_10_1803
(2 CPE variants)
microsoft/windows_server_1709
microsoft/windows_server_1803
microsoft/windows_server_2016
Published
Aug 15, 2018
KEV Added
Mar 28, 2022
Tracked Since
Feb 18, 2026