CVE-2018-8410 | Windows Registry Elevation of Privilege Vulnerability

Sistemas afectados:

• Windows 10 for 32-bit and for x64-based Systems
• Windows 10 Version 1607 for 32-bit and for x64-based Systems
• Windows 10 Version 1703 for 32-bit and for x64-based Systems
• Windows 10 Version 1709 for 32-bit and for x64-based Systems
• Windows 10 Version 1803 for 32-bit and x64-based Systems
• Windows 7 for 32-bit and for x64-based Systems Service Pack 1
• Windows 8.1 for 32-bit systems
• Windows 8.1 for x64-based systems
• Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
• Windows Server 2008 R2 for x64-based Systems Service Pack 1 e Server Core installation
• Windows Server 2012 e Server Core installation
• Windows Server 2012 R2 e Server Core installation
• Windows Server 2016 e Server Core installation
• Windows Server, version 1803 (Server Core Installation)

Descrição da Vulnerabilidade:

Existe uma vulnerabilidade de elevação de privilégio quando a API do Kernel do Windows manipula indevidamente objetos de registro na memória. Um invasor

que explorou com sucesso a vulnerabilidade pode obter privilégios elevados.

Recomendação:

• Recomendamos que sejam instalados os seguintes updates nas respectivas máquinas:
  
  • Windows 10 for 32-bit and for x64-based Systems
• (Security Update)
  
  • Windows 10 Version 1607 for 32-bit and for x64-based Systems

kb4457131 (Security Update)

• Windows 10 Version 1703 for 32-bit and for x64-based Systems

kb4457138 (Security Update)

• Windows 10 Version 1709 for 32-bit and for x64-based Systems

kb4457142 (Security Update)

• Windows 10 Version 1803 for 32-bit and x64-based Systems

Kb4457128 (Security Update)

• Windows 7 for 32-bit and for x64-based Systems Service Pack 1

kb4457144 (Monthly Rollup) ou kb4457145 (Security Only)

• Windows 8.1 for 32-bit systems

kb4457143 (Security Only) ou kb4457129 (Monthly Rollup)

• Windows 8.1 for x64-based systems

kb4457129 (Monthly Rollup) ou kb4457143 (Security Only)

• Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1

kb4457144 (Monthly Rollup) ou kb4457145 (Security Only)

• Windows Server 2008 R2 for x64-based Systems Service Pack 1 e Server Core installation

kb4457144 (Monthly Rollup) ou kb4457145 (Security Only)

• Windows Server 2012 e Server Core installation

kb4457135 (Monthly Rollup) kb4457140 (Security Only)

• Windows Server 2012 R2 e Server Core installation

kb4457129 (Monthly Rollup) ou kb4457143 (Security Only)

• Windows Server 2016 e Server Core installation

kb4457131 (Security Update)

• Windows Server, version 1803 (Server Core Installation)

kb4457128 (Security Update)

Referências:

• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8410
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8410
• https://www.securitytracker.com/id/1041635