MicrosoftKB4100480Windows kernel update for CVE-2018-1038
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 High
AI Score
Confidence
High
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.971 High
EPSS
Percentile
99.8%
Windows kernel update for CVE-2018-1038
Notice
This update has been superceded by the following newer updates:April 10, 2018—KB4093108 (Security-only update)
April 10, 2018—KB4093118 (Monthly Rollup)
Summary
| This update addresses an elevation of privilege vulnerability in the Windows kernel in the 64-Bit (x64) version of Windows. This vulnerability is documented in CVE-2018-1038. Users must apply this update to be fully protected against this vulnerability if their computers were updated on or after January 2018 by applying any of the following updates.KB article | Title |
|---|---|
| 4056897 | January 3, 2018—KB4056897 (Security-only update) |
| 4056894 | January 4, 2018—KB4056894 (Monthly Rollup) |
| 4073578 | Unbootable state for AMD devices in Windows 7 SP1 and Windows Server 2008 R2 SP1 |
| 4057400 | January 19, 2018—KB4057400 (Preview of Monthly Rollup) |
| 4074598 | February 13, 2018—KB4074598 (Monthly Rollup) |
| 4074587 | February 13, 2018—KB4074587 (Security-only update) |
| 4075211 | February 22, 2018—KB4075211 (Preview of Monthly Rollup) |
| 4088875 | March 13, 2018—KB4088875 (Monthly Rollup) |
| 4088878 | March 13, 2018—KB4088878 (Security-only update) |
| 4088881 | March 23, 2018—KB4088881 (Preview of Monthly Rollup) |
Notes
- This security update was updated on April 5, 2018 to address applicability issues in the original release of the update.
- Applicability rules have been expanded for this update. Therefore, this update will be offered via Windows Update and Windows Server Update Service (WSUS) if any of the Security Only (SO) updates that are listed in the table above are applied.
- No specific functional changes have been made to this security update. Therefore, no additional action is needed if this update has already been applied.
Known issues
Microsoft is not aware of any issues that affect this update currently.
How to get this update
__
Method 1: Windows Update
This update can be downloaded and installed from Windows Update.
__
Method 2: Windows Server Update Service
This update is now available for installation through WSUS.
__
Method 3: Microsoft Update Catalog
To get the stand-alone package for this update, go to the Microsoft Update Catalog website.
ReferencesLearn about theterminology that Microsoft uses to describe software updates.
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 High
AI Score
Confidence
High
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.971 High
EPSS
Percentile
99.8%