Overview
The Microsoft Windows Kernel Transaction Manager (KTM) is vulnerable to a race condition because it fails to properly handle objects in memory, which can result in local privilege escalation.
Description
CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') - CVE-2018-8611 According to Microsoft, the Windows kernel fails "to properly handle objects in memory". A successful attacker could run arbitrary code in kernel mode, and then "install programs; view, change, or delete data; or create new accounts with full user rights." |
Impact
After logging into the system, an attacker could run a maliciously crafted application to exploit the race condition. They could then elevate their local privileges, create user accounts, install new programs, or change, view, or delete data. |
Solution
Apply an update |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | 6 | AV:L/AC:H/Au:S/C:C/I:C/A:C |
| Temporal | 5 | E:F/RL:OF/RC:C |
| Environmental | 5.0 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND |
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8611
- https://securelist.com/zero-day-in-windows-kernel-transaction-manager-cve-2018-8611/89253/
- https://usa.kaspersky.com/blog/cve-2018-8611-detected/16833/
- https://www.us-cert.gov/ncas/current-activity/2018/12/11/Microsoft-Releases-December-2018-Security-Updates
- https://cwe.mitre.org/data/definitions/362.html
Acknowledgements
Thanks to researchers Boris Larin and Igor Soumenkov from Kaspersky Lab for reporting this vulnerability to Microsoft.
This document was written by Madison Oliver.
Other Information
| CVE IDs: | CVE-2018-8611 |
| Date Public: | 2018-11-12 |
| Date First Published: | 2019-01-04 |
| Date Last Updated: | 2019-01-24 17:58 UTC |
| Document Revision: | 21 |