search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Microsoft Windows Kernel Transaction Manager (KTM) is vulnerable to a race condition

Vulnerability Note VU#289907

Original Release Date: 2019-01-04 | Last Revised: 2019-01-24

Overview

The Microsoft Windows Kernel Transaction Manager (KTM) is vulnerable to a race condition because it fails to properly handle objects in memory, which can result in local privilege escalation.

Description

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') - CVE-2018-8611

According to Microsoft, the Windows kernel fails "to properly handle objects in memory". A successful attacker could run arbitrary code in kernel mode, and then "install programs; view, change, or delete data; or create new accounts with full user rights."

Impact

After logging into the system, an attacker could run a maliciously crafted application to exploit the race condition. They could then elevate their local privileges, create user accounts, install new programs, or change, view, or delete data.

Kaspersky experts state that "the exploit can also be used to escape the sandbox in modern Web browsers, including Chrome and Edge."

Solution

Apply an update

This issue is addressed in the Microsoft update for CVE-2018-8611.

Vendor Information

289907
 
Affected   Unknown   Unaffected

Microsoft

Updated:  January 04, 2019

Statement Date:   December 11, 2018

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References


CVSS Metrics

Group Score Vector
Base 6 AV:L/AC:H/Au:S/C:C/I:C/A:C
Temporal 5 E:F/RL:OF/RC:C
Environmental 5.0 CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

References

Acknowledgements

Thanks to researchers Boris Larin and Igor Soumenkov from Kaspersky Lab for reporting this vulnerability to Microsoft.

This document was written by Madison Oliver.

Other Information

CVE IDs: CVE-2018-8611
Date Public: 2018-11-12
Date First Published: 2019-01-04
Date Last Updated: 2019-01-24 17:58 UTC
Document Revision: 20

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.