Elevation of Privilege Vulnerability in Microsoft Windows Products
CVE-2017-8563

8.1HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Windows 7 Sp1, Windows Server 2008 Sp2 And R2 Sp1, Windows 8.1 And Windows Rt 8.1, Windows Server 2012 And R2, Windows 10 Gold, 1511, 1607, 1703, And Windows Server 2016.
Vendor: CVE Published:; 11 July 2017

Summary

Microsoft Windows products exhibit an elevation of privilege vulnerability stemming from a fallback to the NT LAN Manager (NTLM) Authentication Protocol via Kerberos. This situation can potentially allow an attacker to gain elevated access privileges within the affected systems, compromising the integrity and confidentiality of the environment. It is crucial for organizations using affected Windows versions to apply the necessary patches and updates to mitigate this risk.

Affected Version(s)

Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016. Microsoft Windows

References

https://portal.msrc.microsoft.com/en-us/security-guidance...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/99402

vdb-entryx_refsource_BID

EPSS Score

16% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 11, 2017
Vulnerability Reserved
May 3, 2017