The Microsoft Windows Kernel Transaction Manager (KTM) is vulnerable to a race condition because it fails to properly handle objects in memory, which can result in local privilege escalation.
CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’) - CVE-2018-8611
According to Microsoft, the Windows kernel fails “to properly handle objects in memory”. A successful attacker could run arbitrary code in kernel mode, and then “install programs; view, change, or delete data; or create new accounts with full user rights.”
After logging into the system, an attacker could run a maliciously crafted application to exploit the race condition. They could then elevate their local privileges, create user accounts, install new programs, or change, view, or delete data.
Kaspersky experts state that “the exploit can also be used to escape the sandbox in modern Web browsers, including Chrome and Edge.”
Apply an update
This issue is addressed in the Microsoft update for CVE-2018-8611.
289907
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: January 04, 2019
Statement Date: December 11, 2018
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | 6 | AV:L/AC:H/Au:S/C:C/I:C/A:C |
Temporal | 5 | E:F/RL:OF/RC:C |
Environmental | 5.0 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND |
Thanks to researchers Boris Larin and Igor Soumenkov from Kaspersky Lab for reporting this vulnerability to Microsoft.
This document was written by Madison Oliver.
CVE IDs: | CVE-2018-8611 |
---|---|
Date Public: | 2018-11-12 Date First Published: |
cwe.mitre.org/data/definitions/362.html
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8611
securelist.com/zero-day-in-windows-kernel-transaction-manager-cve-2018-8611/89253/
usa.kaspersky.com/blog/cve-2018-8611-detected/16833/
www.us-cert.gov/ncas/current-activity/2018/12/11/Microsoft-Releases-December-2018-Security-Updates