New Search

Windows Code Integrity Module Denial of Service Vulnerability - CVE-2018-1040

oval:org.cisecurity:def:5983

A denial of service vulnerability exists in the way that the Windows Code Integrity Module performs hashing. An attacker who successfully exploited the vulnerability could cause a system to stop responding. Note that the denial of service condition would not allow an attacker to execute code or to elevate user privileges. However the denial of service condition could prevent authorized users from using system resources. An attacker could host a specially crafted file in a website or SMB share. The attacker could also take advantage of compromised websites or websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerability. However in all cases an attacker would have no way to force users to view the attacker-controlled content. Instead an attacker would have to convince users to take action typically via an enticement in email or instant message or by getting them to open an email attachment. The security update addresses the vulnerability by modifying how the Code Integrity Module performs hashing.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2008
  • Microsoft Windows 7
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows 8.1
  • Microsoft Windows Server 2016
  • Microsoft Windows 10
Class:
vulnerability
Reference(s):
  • CVE-2018-1040
  • MSRC-CVE-2018-1040
  • KB4284867
  • KB4230467
  • KB4284846
  • KB4284878
  • KB4284860
  • KB4284880
  • KB4284874
  • KB4284819
  • KB4284835
Product(s):