Skip to main content

Windows KTM Race Condition Vulnerability

Microsoft have released details of a race condition vulnerability in the Windows Kernel Transaction Manager (KTM), a tool that allows applications to perform resource transactions by making those resources available as kernel objects.

Threat ID:
CC-2867
Category:
Threat Severity:
Medium
Threat Vector:
Published:
7 January 2019 12:00 AM
Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Microsoft have released details of a race condition vulnerability in the Windows Kernel Transaction Manager (KTM), a tool that allows applications to perform resource transactions by making those resources available as kernel objects.

Affected platforms

The following platforms are known to be affected:

Microsoft Windows

Microsoft Windows - All versions
  • Microsoft Windows Server - All versions

Threat details

An authenticated local user could exploit this vulnerability to gain kernel mode privileges.

The vulnerability lies in how the KTM handles application objects in memory. If an application passes specific arguments to the KTM it can cause a race condition, resulting in the user's privileges being escalated.

For further information

Remediation steps

Type Step

Microsoft addressed this vulnerability in their CVE-2018-8611 Security Update Guide. Users and administrators are encouraged to review this guide and apply the relevant updates.

CVE Vulnerabilities

Status

CVE-2018-8611

Last edited: 14 February 2020 2:48 pm