Vulnerability assessment(CVE-2017-8590)

Common Vulnerabilities and Exposures (CVE) is a dictionary-type list of standardized names for vulnerabilities and other information related to security exposures. CVE aims to standardize the names for all publicly known vulnerabilities and security exposures. The goal of CVE is to make it easier to share data across separate vulnerable databases and security tools. I have analyzed the CVE-2017-8590 vulnerability which is mainly based on the windows common log file system driver, the version and detailed description is shown below.

• Vulnerability name -Windows CLFS Elevation of Privilege Vulnerability
• Platform in which the vulnerability occur -Windows
• Versions of platform - Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016.
• How can be vulnerability fixed -Apply Security Only update KB4025333(This security update includes quality improvements. No new operating system features are being introduced in this update.)
• If exploited? -In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to take control of the affected system. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
• CVSS V3.0Score - Base score - 8.8/10

Note: CVSS(common vulnerability scoring system)