CVE-2018-8406

CVSS 7.8 HIGHEPSS 3.4%● KEVCWE-404

In short

A flaw in Windows' graphics driver (DirectX) allows an attacker with local access to gain higher system privileges, potentially taking full control of the computer.

Technical detail

The DirectX Graphics Kernel (DXGKRNL) driver fails to properly validate memory object handling, allowing a local attacker to trigger a privilege escalation. Exploitation requires local code execution capability and affects Windows 10 and Windows Server 2016, potentially leading to kernel-level access.

Summary generated and translated by AI from the official description.

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8401, CVE-2018-8405.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Microsoft · Windows 10 Microsoft · Windows 10 Servers Microsoft · Windows Server 2016

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8406 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-8406 http://www.securityfocus.com/bid/105012 http://www.securitytracker.com/id/1041461