CVE-2018-8405

CVSS 7.8 HIGHEPSS 3.4%● KEVCWE-404

In short

A flaw in Windows' graphics driver allows an attacker with local access to run code with higher privileges than intended. This means someone on your computer could gain admin-level control without proper authorization.

Technical detail

An improper object handling vulnerability in the DirectX Graphics Kernel (DXGKRNL) driver permits local privilege escalation. The attack requires prior local access to the system; successful exploitation grants arbitrary code execution with elevated privileges.

Summary generated and translated by AI from the official description.

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8401, CVE-2018-8406.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Microsoft · Windows 10 Microsoft · Windows 10 Servers Microsoft · Windows 8.1 Microsoft · Windows RT 8.1 Microsoft · Windows Server 2012 R2 Microsoft · Windows Server 2016

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8405 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-8405 http://www.securityfocus.com/bid/105011 http://www.securitytracker.com/id/1041461