CVE-2018-8256
First published: Wed Nov 14 2018(Updated: )
A remote code execution vulnerability exists when PowerShell improperly handles specially crafted files, aka "Microsoft PowerShell Remote Code Execution Vulnerability." This affects Windows RT 8.1, PowerShell Core 6.0, Microsoft.PowerShell.Archive 1.2.2.0, Windows Server 2016, Windows Server 2012, Windows Server 2008 R2, Windows Server 2019, Windows 7, Windows Server 2012 R2, PowerShell Core 6.1, Windows 10 Servers, Windows 10, Windows 8.1.
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Microsoft.powershell.archive | =1.2.2.0 | |
| Microsoft Powershell Core | =6.0 | |
| Microsoft Powershell Core | =6.1 | |
| Microsoft Windows 10 | ||
| Microsoft Windows 10 | =1607 | |
| Microsoft Windows 10 | =1703 | |
| Microsoft Windows 10 | =1709 | |
| Microsoft Windows 10 | =1803 | |
| Microsoft Windows 10 | =1809 | |
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows 8.1 | ||
| Microsoft Windows RT 8.1 | ||
| Microsoft Windows Server 2008 | =r2-sp1 | |
| Microsoft Windows Server 2008 | =r2-sp1 | |
| Microsoft Windows Server 2012 | ||
| Microsoft Windows Server 2012 | =r2 | |
| Microsoft Windows Server 2016 | ||
| Microsoft Windows Server 2016 | =1709 | |
| Microsoft Windows Server 2016 | =1803 | |
| Microsoft Windows Server 2019 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-8256?
CVE-2018-8256 is a remote code execution vulnerability in Microsoft PowerShell.
How does CVE-2018-8256 affect Windows?
CVE-2018-8256 affects Windows RT 8.1, PowerShell Core 6.0, and various versions of Windows 10, Windows 7, Windows 8.1, and Windows Server.
What is the severity of CVE-2018-8256?
CVE-2018-8256 is classified as critical with a severity value of 8.8.
How can I fix CVE-2018-8256?
Apply the necessary security updates provided by Microsoft for the affected software versions.
Where can I find more information about CVE-2018-8256?
You can find more information about CVE-2018-8256 on the Microsoft Security website.
- agent/type
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/severity
- agent/author
- agent/remedy
- agent/tags
- agent/description
- agent/event
- agent/references
- collector/mitre-cve
- source/MITRE
- vendor/microsoft
- canonical/microsoft microsoft.powershell.archive
- version/microsoft microsoft.powershell.archive/1.2.2.0
- canonical/microsoft powershell core
- version/microsoft powershell core/6.0
- version/microsoft powershell core/6.1
- canonical/microsoft windows 10
- version/microsoft windows 10/1607
- version/microsoft windows 10/1703
- version/microsoft windows 10/1709
- version/microsoft windows 10/1803
- version/microsoft windows 10/1809
- canonical/microsoft windows 7
- version/microsoft windows 7/sp1
- canonical/microsoft windows 8.1
- canonical/microsoft windows rt 8.1
- canonical/microsoft windows server 2008
- version/microsoft windows server 2008/r2-sp1
- canonical/microsoft windows server 2012
- version/microsoft windows server 2012/r2
- canonical/microsoft windows server 2016
- version/microsoft windows server 2016/1709
- version/microsoft windows server 2016/1803
- canonical/microsoft windows server 2019