Microsoft RemoteFX Virtual GPU Miniport Driver Lets Local Users Gain Elevated Privileges
|
SecurityTracker Alert ID: 1042121 |
SecurityTracker URL: http://securitytracker.com/id/1042121
|
CVE Reference:
CVE-2018-8471
(Links to External Site)
|
Date: Nov 13 2018
|
Impact:
User access via local system
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 7 SP1, 8.1, 2016, 2016, 10 Version 1607, 10 Version 1703, 10 Version 1709, 10 Version 1803, 10 Version 1809, 2019
|
Description:
A vulnerability was reported in Microsoft RemoteFX Virtual GPU Miniport Driver. A local user can obtain elevated privileges on the target system.
A local user can run a specially crafted application to trigger an object memory handling bug and execute arbitrary code on the target system with elevated privileges.
RanchoIce of Tencent ZhanluLab and Chen Nan of Tencent ZhanluLab reported this vulnerability.
|
Impact:
A local user can obtain elevated privileges on the target system.
|
Solution:
The vendor has issued a fix.
The Microsoft advisories are available at:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8471
|
Vendor URL: portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8471 (Links to External Site)
|
Cause:
Access control error
|
|
Message History:
None.
|
Source Message Contents
|
|
[Original Message Not Available for Viewing]
|
|