CVE-2018-8406

HIGH KEV RANSOMWARE

Microsoft Windows 10 1507 - Improper Resource Release

Title source: rule

Description

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8401, CVE-2018-8405.

Exploits (1)

github 175 stars

by wjl110 · javascriptpoc

https://github.com/wjl110/CVE-Master/tree/main/CVE-2018/CVE-2018-8406

References (4)

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/105012

[Broken Link, Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1041461

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8406

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-8406

Scores

CVSS v3 7.8

EPSS 0.4999

EPSS Percentile 97.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-03-28

VulnCheck KEV 2019-02-19

InTheWild.io 2022-03-28

ENISA EUVD EUVD-2018-20044

Ransomware Use Confirmed

CWE

CWE-404

Status published

Products (8)

microsoft/windows_10_1507 (2 CPE variants)

microsoft/windows_10_1607 (2 CPE variants)

microsoft/windows_10_1703 (2 CPE variants)

microsoft/windows_10_1709 (2 CPE variants)

microsoft/windows_10_1803 (2 CPE variants)

microsoft/windows_server_1709

microsoft/windows_server_1803

microsoft/windows_server_2016

Published Aug 15, 2018

KEV Added Mar 28, 2022

Tracked Since Feb 18, 2026