cnvd - cnvd-2018-13363

cnvd-2018-13363

Vulnerability from cnvd

Title

Microsoft Windows权限提升漏洞（CNVD-2018-13363）

Description

Microsoft Windows 7等都是美国微软（Microsoft）公司发布的操作系统。Microsoft Windows 7是一套个人电脑使用的操作系统。Windows Server 2012 R2是一套服务器操作系统。 Microsoft Windows中存在提权漏洞。攻击者可利用该漏洞在受影响的系统上提升权限。

Severity

高

Patch Name

Microsoft Windows权限提升漏洞（CNVD-2018-13363）的补丁

Patch Description

Formal description

厂商已发布漏洞修复程序，请及时关注更新： https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8314

Reference

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8314

Impacted products

Name
['Microsoft Windows Server 2008', 'Microsoft Windows Server 2008 R2', 'Microsoft Windows 7', 'Microsoft Windows Windows Server 2012', 'Microsoft Windows 8.1', 'Microsoft Windows RT 8.1 SP0', 'Microsoft Windows Server 2012 R2', 'Microsoft Windows 10']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "104652"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-8314"
    }
  },
  "description": "Microsoft Windows 7\u7b49\u90fd\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u53d1\u5e03\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Microsoft Windows 7\u662f\u4e00\u5957\u4e2a\u4eba\u7535\u8111\u4f7f\u7528\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Windows Server 2012 R2\u662f\u4e00\u5957\u670d\u52a1\u5668\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nMicrosoft Windows\u4e2d\u5b58\u5728\u63d0\u6743\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u7684\u7cfb\u7edf\u4e0a\u63d0\u5347\u6743\u9650\u3002",
  "discovererName": "Microsoft",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8314",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-13363",
  "openTime": "2018-07-18",
  "patchDescription": "Microsoft Windows 7\u7b49\u90fd\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u53d1\u5e03\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Microsoft Windows 7\u662f\u4e00\u5957\u4e2a\u4eba\u7535\u8111\u4f7f\u7528\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Windows Server 2012 R2\u662f\u4e00\u5957\u670d\u52a1\u5668\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nMicrosoft Windows\u4e2d\u5b58\u5728\u63d0\u6743\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u7684\u7cfb\u7edf\u4e0a\u63d0\u5347\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Windows\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff08CNVD-2018-13363\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Windows Server 2008",
      "Microsoft Windows Server 2008 R2",
      "Microsoft Windows 7",
      "Microsoft Windows Windows Server 2012",
      "Microsoft Windows 8.1",
      "Microsoft Windows RT 8.1 SP0",
      "Microsoft Windows Server 2012 R2",
      "Microsoft Windows 10"
    ]
  },
  "referenceLink": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8314",
  "serverity": "\u9ad8",
  "submitTime": "2018-07-11",
  "title": "Microsoft Windows\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff08CNVD-2018-13363\uff09"
}

CVE-2018-8314 (GCVE-0-2018-8314)

Vulnerability from cvelistv5

Published

2018-07-11 00:00

Modified

2024-08-05 06:54

Severity ?

CWE

Elevation of Privilege

Summary

An elevation of privilege vulnerability exists when Windows fails a check, allowing a sandbox escape, aka "Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2008 R2, Windows 10. This CVE ID is unique from CVE-2018-8313.

References

URL

Tags

	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8314	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1041263	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/104652	vdb-entry, x_refsource_BID

Impacted products

Vendor

Product

Version

Microsoft

Windows 7

Version: 32-bit Systems Service Pack 1
Version: x64-based Systems Service Pack 1

Microsoft	Windows Server 2012 R2	Version: (Server Core installation)
Microsoft	Windows RT 8.1	Version: Windows RT 8.1
Microsoft	Windows Server 2008	Version: 32-bit Systems Service Pack 2 Version: 32-bit Systems Service Pack 2 (Server Core installation) Version: Itanium-Based Systems Service Pack 2 Version: x64-based Systems Service Pack 2 Version: x64-based Systems Service Pack 2 (Server Core installation)
Microsoft	Windows Server 2012	Version: (Server Core installation)
Microsoft	Windows 8.1	Version: 32-bit systems Version: x64-based systems
Microsoft	Windows Server 2008 R2	Version: Itanium-Based Systems Service Pack 1 Version: x64-based Systems Service Pack 1 Version: x64-based Systems Service Pack 1 (Server Core installation)
Microsoft	Windows 10	Version: 32-bit Systems Version: x64-based Systems

Show details on NVD website