CVE-2018-0886

EUVD-2018-1677
The Credential Security Support Provider protocol (CredSSP) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709 Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how CredSSP validates request during the authentication process, aka "CredSSP Remote Code Execution Vulnerability".
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7 HIGH
LOCAL
HIGH
NONE
CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
Affected Products (NVD)
VendorProductVersion
microsoftwindows_10
-
microsoftwindows_7
-
microsoftwindows_8.1
-
microsoftwindows_rt_8.1
-
microsoftwindows_server_2008
-
microsoftwindows_server_2012
-
microsoftwindows_server_2016
-
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 10
(x64, x86)
KB4103716
1511 (x64, x86)
KB4088779
1607 (x64, x86)
KB4103723
1703 (x64, x86)
KB4103731
1709 (x64, x86)
KB4103727
1803 (x64, x86)
KB4103721
1809 (arm64, x64, x86)
KB4551853
1903 (arm64, x64, x86)
KB4556799
1909 (arm64, x64, x86)
KB4556799
Windows 7
Service Pack 1 (x64, x86)
KB4103718
Windows 8.1
(x64, x86)
KB4103725
Windows RT 8.1
All
KB4103725
Windows Server
1709 Server Core
KB4103727
1803 Server Core
KB4103721
1903 Server Core
KB4556799
1909 Server Core
KB4556799
Windows Server 2008
Service Pack 2 (x64, x86)
KB4056564
Service Pack 2 Server Core (x64, x86)
KB4056564
Windows Server 2008 R2
Service Pack 1 (x64)
KB4103718
Service Pack 1 Server Core (x64)
KB4103718
Windows Server 2012
Server Core
KB4103730
Standard
KB4103730
Windows Server 2012 R2
Server Core
KB4103725
Standard
KB4103725
Windows Server 2016
Server Core
KB4103723
Standard
KB4103723
Windows Server 2019
Server Core
KB4551853
Standard
KB4551853
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/103265
http://www.securitytracker.com/id/1040506
https://blog.preempt.com/security-advisory-credssp
https://github.com/preempt/credssp
https://ics-cert.us-cert.gov/advisories/ICSA-18-198-03
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0886
https://www.exploit-db.com/exploits/44453/
http://www.securityfocus.com/bid/103265
http://www.securitytracker.com/id/1040506
https://blog.preempt.com/security-advisory-credssp
https://github.com/preempt/credssp
https://ics-cert.us-cert.gov/advisories/ICSA-18-198-03
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0886
https://www.exploit-db.com/exploits/44453/