Back to search
CVE-2018-0886
Published: Mar 14, 2018
Modified: Sep 17, 2024
PUBLISHED
Description
The Credential Security Support Provider protocol (CredSSP) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709 Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how CredSSP validates request during the authentication process, aka "CredSSP Remote Code Execution Vulnerability".
| Vendor | Product | Versions |
|---|---|---|
Microsoft Corporation | Windows | affected Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709 Windows Server 2016 and Windows Server, version 1709 |
References
1040506
vdb-entry
x_refsource_SECTRACK
103265
vdb-entry
x_refsource_BID
https://ics-cert.us-cert.gov/advisories/ICSA-18-198-03
x_refsource_MISC
https://blog.preempt.com/security-advisory-credssp
x_refsource_MISC
44453
exploit
x_refsource_EXPLOIT-DB
https://github.com/preempt/credssp
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now