#VU14373 Improper input validation in Windows and Windows Server - CVE-2018-8414

Cybersecurity Help s.r.o.

Published: 2018-08-14 | Updated: 2018-08-14

Vulnerability identifier: #VU14373

Vulnerability risk: Critical

CVSSv4.0: 8.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]

CVE-ID: CVE-2018-8414

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Windows
Operating systems & Components / Operating system
Windows Server
Operating systems & Components / Operating system

Vendor: Microsoft

Description

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists due to an error when validating file paths in Windows Shell. A remote attacker can create a specially crafted file, trick the victim into opening it and execute arbitrary system commands on the vulnerable system.

Note: this vulnerability is being actively exploited in the wild.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Windows: 10

Windows Server: 2016 10.0.14393.10

External links
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8414

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

Latest bulletins with this vulnerability

Remote command execution in Windows Shell on Microsoft Windows 10 and 2016