CVE-2018-8140: This is a vulnerability identified as CVE-2018-8140, which affects Microsoft's Windows 10 and Windows 10 Servers. The vulnerability is an Elevation of Privilege issue that occurs when Cortana retrieves data from user input services without considering the status.

Description Preview

CVE-2018-8140 is an Elevation of Privilege vulnerability in Microsoft's Windows 10 and Windows 10 Servers. It is triggered when Cortana, Microsoft's virtual assistant, retrieves data from user input services without proper consideration for status. This could allow an attacker to gain elevated privileges and compromise the affected system. The affected versions include Windows 10 version 1709 and 1803 for both 32-bit and x64-based systems, and Windows 10 Servers version 1709 and 1803 (Server Core Installation).

Overview

The vulnerability, identified as CVE-2018-8140, was first published on June 14, 2018, by Microsoft. It affects Windows 10 and Windows 10 Servers, specifically versions 1709 and 1803 for both 32-bit and x64-based systems, and the Server Core Installation. The problem arises when Cortana retrieves data from user input services without considering the status, leading to an Elevation of Privilege vulnerability.

Remediation

Microsoft has released updates to address this vulnerability. Users are advised to apply these updates as soon as possible to protect their systems. It is also recommended to restrict access to critical systems and ensure that least privilege principles are applied. Regularly updating and patching systems can also help prevent the exploitation of this vulnerability.

Industry Exposure (most to least)
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Manufacturing
  2. Health Care & Social Assistance
  3. Public Administration
  4. Retail Trade
  5. Transportation & Warehousing
  6. Arts, Entertainment & Recreation
  7. Management of Companies & Enterprises
  8. Utilities
  9. Finance and Insurance
  10. Educational Services
  11. Accommodation & Food Services
  12. Information
  13. Mining
  14. Professional, Scientific, & Technical Services
  15. Wholesale Trade
  16. Administrative, Support, Waste Management & Remediation Services
  17. Agriculture, Forestry Fishing & Hunting
  18. Construction
  19. Other Services (except Public Administration)
  20. Real Estate Rental & Leasing

Armis Vulnerability Intelligence Database