Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
symantecSymantec Security ResponseSMNTC-104652
HistoryJul 10, 2018 - 12:00 a.m.

Microsoft Windows CVE-2018-8314 Privilege Escalation Vulnerability

2018-07-1000:00:00
Symantec Security Response
www.symantec.com
32

0.003 Low

EPSS

Percentile

67.3%

JSON

Description

Microsoft Windows is prone to a privilege-escalation vulnerability. An attackers may exploit this issue to gain elevated privileges.

Technologies Affected

  • Microsoft Windows 10 for 32-bit Systems
  • Microsoft Windows 10 for x64-based Systems
  • Microsoft Windows 7 for 32-bit Systems SP1
  • Microsoft Windows 7 for x64-based Systems SP1
  • Microsoft Windows 8.1 for 32-bit Systems
  • Microsoft Windows 8.1 for 64-bit Systems
  • Microsoft Windows RT 8.1
  • Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
  • Microsoft Windows Server 2008 R2 for x64-based Systems SP1
  • Microsoft Windows Server 2008 for 32-bit Systems SP2
  • Microsoft Windows Server 2008 for Itanium-based Systems SP2
  • Microsoft Windows Server 2008 for x64-based Systems SP2
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2012 R2

Recommendations

Block external access at the network boundary, unless external parties require service.
Filter access to the affected computer at the network boundary if global access isn’t needed. Restricting access to only trusted computers and networks might greatly reduce the likelihood of a successful exploit.

Run all software as a nonprivileged user with minimal access rights.
To reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.

Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity such as unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.

Implement multiple redundant layers of security.
Memory-protection schemes (such as nonexecutable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.

Updates are available. Please see the references or vendor advisory for more information.

Related

mscve 1
mskb 14
cve 2
prion 2
cvelist 2
krebs 1
nessus 5
kaspersky 2
openvas 3
talosblog 1
trendmicroblog 1
mscve
mscve
Windows Elevation of Privilege Vulnerability
2018-07-10 07:00:00
mskb
mskb
Description of the security update for the Windows elevation of privilege vulnerability in Windows Server 2008: July 10, 2018
2018-07-10 07:00:00
July 10, 2018—KB4338823 (Security-only update)
2018-07-10 07:00:00
Improvements and fixes - Windows Server 2012
2018-07-10 07:00:00
cve
cve
CVE-2018-8314
2018-07-11 00:29:00
CVE-2018-8313
2018-07-11 00:29:00
prion
prion
Privilege escalation
2018-07-11 00:29:00
Privilege escalation
2018-07-11 00:29:00
cvelist
cvelist
CVE-2018-8313
2018-07-11 00:00:00
CVE-2018-8314
2018-07-11 00:00:00
krebs
krebs
Patch Tuesday, July 2018 Edition
2018-07-11 02:34:41
nessus
nessus
Security Updates for Windows Server 2008 (July 2018)
2018-07-11 00:00:00
KB4338820: Windows Server 2012 July 2018 Security Update
2018-07-10 00:00:00
KB4338823: Windows 7 and Windows Server 2008 R2 July 2018 Security Update
2018-07-10 00:00:00
kaspersky
kaspersky
KLA11285 Multiple vulnerabilities in Microsoft Windows
2018-07-10 00:00:00
KLA12551 Multiple vulnerabilities in Microsoft Products (ESU)
2018-07-10 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4338818)
2018-07-11 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4338815)
2018-07-11 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4338829)
2018-07-11 00:00:00
talosblog
talosblog
Microsoft Patch Tuesday - July 2018
2018-07-10 10:36:00
trendmicroblog
trendmicroblog
Zero-Day Coverage Update – Week of July 9, 2018
2018-07-13 14:10:20

0.003 Low

EPSS

Percentile

67.3%

JSON
Related for SMNTC-104652
mscve1mskb14cve2prion2cvelist2krebs1nessus5kaspersky2openvas3talosblog1trendmicroblog1