CVE-2018-8639
Published: Dec 12, 2018
Modified: Oct 21, 2025
Description
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8641.
| Vendor | Product | Versions |
|---|---|---|
Microsoft | Windows 7 | affected 32-bit Systems Service Pack 1affected x64-based Systems Service Pack 1 |
Microsoft | Windows Server 2012 R2 | affected (Server Core installation) |
Microsoft | Windows RT 8.1 | affected Windows RT 8.1 |
Microsoft | Windows Server 2008 | affected 32-bit Systems Service Pack 2affected 32-bit Systems Service Pack 2 (Server Core installation)affected Itanium-Based Systems Service Pack 2affected x64-based Systems Service Pack 2affected x64-based Systems Service Pack 2 (Server Core installation) |
Microsoft | Windows Server 2019 | affected (Server Core installation) |
Microsoft | Windows Server 2012 | affected (Server Core installation) |
Microsoft | Windows 8.1 | affected 32-bit systemsaffected x64-based systems |
Microsoft | Windows Server 2016 | affected (Server Core installation) |
Microsoft | Windows Server 2008 R2 | affected Itanium-Based Systems Service Pack 1affected x64-based Systems Service Pack 1affected x64-based Systems Service Pack 1 (Server Core installation) |
Microsoft | Windows 10 | affected 32-bit Systemsaffected Version 1607 for 32-bit Systemsaffected Version 1607 for x64-based Systemsaffected Version 1703 for 32-bit Systemsaffected Version 1703 for x64-based Systems+10 more versions |
Microsoft | Windows 10 Servers | affected version 1709 (Server Core Installation)affected version 1803 (Server Core Installation) |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now