CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Jun 13, 2022
Description
A privilege escalation vulnerability exists when Windows improperly handles calls to Win32k.sys. An attacker who successfully exploited this vulnerability could run remote code in the security context of the local system.
EPSS — Exploit Probability
46.3%
Higher than 97.6% of all CVEs
Required Action
https://nvd.nist.gov/vuln/detail/CVE-2018-8589
Risk Assessment
ELEVATEDIn CISA KEV
Details
- Severity
- High
- EPSS
- 46.3%
- CISA KEV
- Yes
- Ransomware
- Unknown
- Articles
- 0
Timeline
Published
May 23, 2022
Added to KEV
May 23, 2022
Remediation Due
Jun 13, 2022