KEV · Actively exploited

CVE-2018-8639

HIGH 7.0 KEV Published on 2018-12-11

Win32k Elevation of Privilege Vulnerability

EPSS 33.19% moderate exploit risk percentile 97.0%

CISA Known Exploited Vulnerability

Added to KEV: 2025-03-03
Remediation deadline: 2025-03-24
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Ransomware: Yes, known ransomware campaign

This CVE is resolved by the following OS security releases. Update the OS to at least the listed version.