CVE-2017-8563

8.1HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Windows 7 Sp1, Windows Server 2008 Sp2 And R2 Sp1, Windows 8.1 And Windows Rt 8.1, Windows Server 2012 And R2, Windows 10 Gold, 1511, 1607, 1703, And Windows Server 2016.
Vendor: CVE Published:; 11 July 2017

Summary

Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Kerberos falling back to NT LAN Manager (NTLM) Authentication Protocol as the default authentication protocol, aka "Windows Elevation of Privilege Vulnerability".

Affected Version(s)

Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016. Microsoft Windows

References

https://portal.msrc.microsoft.com/en-us/security-guidance...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/99402

vdb-entryx_refsource_BID

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 11, 2017
Vulnerability Reserved
May 3, 2017

Collectors

NVD DatabaseMitre Database