CERT VU:289907
History: Jan 04, 2019 - 12:00 a.m.

Microsoft Windows Kernel Transaction Manager (KTM) is vulnerable to a race condition

2019-01-04 00:00:00
www.kb.cert.org

CVSS3: 7.8 High (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS2: 7.2 High (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

EPSS: 0.001 Low (Percentile: 25.2%)

Overview

The Microsoft Windows Kernel Transaction Manager (KTM) is vulnerable to a race condition because it fails to properly handle objects in memory, which can result in local privilege escalation.

Description

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’) - CVE-2018-8611

According to Microsoft, the Windows kernel fails “to properly handle objects in memory”. A successful attacker could run arbitrary code in kernel mode, and then “install programs; view, change, or delete data; or create new accounts with full user rights.”


Impact

After logging into the system, an attacker could run a maliciously crafted application to exploit the race condition. They could then elevate their local privileges, create user accounts, install new programs, or change, view, or delete data.

Kaspersky experts state that “the exploit can also be used to escape the sandbox in modern Web browsers, including Chrome and Edge.”


Solution

Apply an update

This issue is addressed in the Microsoft update for CVE-2018-8611.


Vendor Information


Microsoft Affected

Updated: January 04, 2019

Statement Date: December 11, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

CVSS Metrics

Group          Score  Vector
Base           6      AV:L/AC:H/Au:S/C:C/I:C/A:C
Temporal       5      E:F/RL:OF/RC:C
Environmental  5.0    CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

References

Acknowledgements

Thanks to researchers Boris Larin and Igor Soumenkov from Kaspersky Lab for reporting this vulnerability to Microsoft.

This document was written by Madison Oliver.

Other Information

CVE IDs: CVE-2018-8611
Date Public: 2018-11-12 Date First Published:
