CVE-2018-8589

HIGH KEV

Windows - Privilege Escalation

Title source: llm

Description

An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka "Windows Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2.

References (4)

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/105796

[Broken Link, Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1042140

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8589

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-8589

Scores

CVSS v3 7.8

EPSS 0.5044

EPSS Percentile 97.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-05-23

VulnCheck KEV 2018-10-17

InTheWild.io 2018-10-17

ENISA EUVD EUVD-2018-20204

Status published

Products (3)

microsoft/windows_7

microsoft/windows_server_2008

microsoft/windows_server_2008 r2 sp1 (2 CPE variants)

Published Nov 14, 2018

KEV Added May 23, 2022

Tracked Since Feb 18, 2026