Is CVE-2018-8639 exploitable?

Yes — CVE-2018-8639 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, meaning it is confirmed exploited in the wild.

Is CVE-2018-8639 a false positive?

No practitioners have marked CVE-2018-8639 a false positive so far (2 verdicts).

How do I remediate CVE-2018-8639?

Practitioners have shared remediation steps for CVE-2018-8639 — see the remediation notes on this page.

CVE-2018-8639

is CVE-2018-8639real, exploitable, or a false positive? Here's the community ground truth.

☆ Watch

High · CVSS 7.8EPSS 22.3%CISA KEVCWE-404

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8641.

References

NVD MITRE CVE.org CISA KEV

Published Dec 12, 2018

Embed this verdict

Markdown

[![TruePositive verdict](https://www.truepositive.app/cve/CVE-2018-8639/badge.svg)](https://www.truepositive.app/cve/CVE-2018-8639)

HTML

<a href="https://www.truepositive.app/cve/CVE-2018-8639"><img src="https://www.truepositive.app/cve/CVE-2018-8639/badge.svg" alt="TruePositive verdict for CVE-2018-8639"></a>

Live badge — updates automatically as the community verdict changes.

Community ground truth

Community verdict

2 verdicts

Not a real issue

Includes TruePositive's curated baseline from public sources — community verdicts accrue on top.

Pick your verdict — we'll save it right after a quick sign-in.

Community real-world severity: Critical (Critical 2) — CVSS base score 7.8

Practitioners rate this higher than its CVSS — treat with extra caution.

Field notes & remediation

Verdicts are the quick signal — notes are the evidence and fixes behind them.

0
Field note · Yuki TanakaCurated
Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability — Microsoft Windows Win32k contains an improper resource shutdown or release vulnerability that allows for local, authenticated privilege escalation. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. Listed in the CISA KEV catalog (added 2025-03-03) — confirmed exploited in the wild, not theoretical. It is linked to known ransomware campaigns. FIRST EPSS puts the chance of exploitation in the next 30 days at ~22%. Treat it as real and prioritize remediation over triage.
0
Remediation · Hanna BergCurated
Required action for Microsoft Windows: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. CISA set a federal remediation due date of 2025-03-24. After patching, verify the vulnerable path is no longer reachable before closing the finding.

Same weakness — CWE-404.

CVE-2018-8639

Community ground truth

Field notes & remediation

Related CVEs