- Description
- An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8641.
- Source
- secure@microsoft.com
- NVD status
- Modified
CVSS 3.1
- Type
- Secondary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 3.0
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 7.2
- Impact score
- 10
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:C/I:C/A:C
Data from CISA
- Vulnerability name
- Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability
- Exploit added on
- Mar 3, 2025
- Exploit action due
- Mar 24, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
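In the U.S. Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities catalog, exploitation of the following vulnerabilities has been confirmed. - Windows: CVE-2018-8639, CVE-2024-30051 - SharePoint: CVE-2024-38094 Also, for CVE-2025-22457 in Ivanti's VPN product line, the required action has been changed to one that includes hunting. https://t.co/wQDUw2hGxs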
@__kokumoto
7 Apr 2025
1130 Impressions
0 Retweets
6 Likes
4 Bookmarks
0 Replies
0 Quotes
Cybersecurity guy here. The NIST and federal government are hiding the fact that the entire internet is compromised. Chaining exploits has created a HUGE vulnerability CVE-2018-8639, CVE-2023-20118, CVE-2023-20025… Don’t believe me? Look it up @elonmusk @teameffujoe @JackPosobiec
@erickman1979
7 Mar 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CISA has announced that it added five new vulnerabilities to its Known Exploited Vulnerabilities catalog. ・CVE-2023-20118 ・CVE-2022-43939 ・CVE-2022-43769 ・CVE-2018-8639 ・CVE-2024-4885 https://t.co/Exu8c4xTLv https://t.co/qxdw1Rse1y
@t_nihonmatsu
5 Mar 2025
231 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CISA has added five critical vulnerabilities to its KEV catalog, with CVE-2018-8639 and CVE-2023-20118 exploited in the wild. Concerns grow over the agency's slow response. ⚠️ #CISACatalog #WindowsExploits #USA link: https://t.co/WpuiarTsDL https://t.co/fWRD4EuwUT
@TweetThreatNews
4 Mar 2025
115 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CISA has identified vulnerabilities CVE-2023-20118 and CVE-2018-8639 in Cisco and Windows systems as actively exploited. CVE-2023-20118 allows command execution on specific VPN routers via an authentication bypass (CVE-2023-20025). https://t.co/q4hhOQPpoN
@securityRSS
4 Mar 2025
51 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
⚠️ Vulnerability Alert: Cisco and Windows Vulnerabilities 📅 Timeline: Disclosure: 2025-03-03 🆔cveId: CVE-2023-20118, CVE-2018-8639 📊baseScore: 7.2 📏cvssMetrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H cvssSeverity: High 🟠 🛠️exploitMaturity: Actively Exploited… htt
@syedaquib77
4 Mar 2025
72 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA has alerted US federal agencies to secure Cisco and Windows systems against actively exploited vulnerabilities. The flaws include CVE-2023-20118, allowing command execution on certain routers, and CVE-2018-8639, a Win32k elevation of privilege bug in Windows. #Security https
@Strivehawk
3 Mar 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CISA alerts US federal agencies about actively exploited vulnerabilities in Cisco and Windows systems. Addressing CVE-2023-20118 & CVE-2018-8639 is crucial for security by March 23. ⚠️🇺🇸 #CISAAlert #CyberRisks #USSecurity link: https://t.co/EKe5YhvAfA https://t.co/oiCJ0mdy
@TweetThreatNews
3 Mar 2025
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AEE2E768-0F45-46E1-B6D7-087917109D98"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "83B14968-3985-43C3-ACE5-8307196EFAE3"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7CB85C75-4D35-480E-843D-60579EC75FCB"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:pro_n:*:*:*",
"vulnerable": true,
"matchCriteriaId": "854EBFBA-2ED3-4158-BBD4-801CDEC551EE"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:itanium:*",
"vulnerable": true,
"matchCriteriaId": "B20DD263-5A62-4CB1-BD47-D1F9A6C67E08"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "B7674920-AE12-4A25-BE57-34AEDDA74D76"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5B454BFE-D3AB-4CDC-B79B-F60EA3F57DBA"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CAACE735-003E-4ACB-A82E-C0CF97D7F013"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
}
],
"operator": "OR"
}
]
}
]