High severity7.0NVD Advisory· Published Mar 14, 2018· Updated Jun 17, 2026
CVE-2018-0886
CVE-2018-0886
Description
The Credential Security Support Provider protocol (CredSSP) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709 Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how CredSSP validates request during the authentication process, aka "CredSSP Remote Code Execution Vulnerability".
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
14multiple versions (see description)+ 1 more
- (no CPE)range: multiple versions (see description)
- (no CPE)range: Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709 Windows Server 2016 and Windows Server, version 1709
- osv-coords12 versionspkg:rpm/opensuse/freerdp2&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python-pyspnego&distro=openSUSE%20Tumbleweedpkg:rpm/suse/freerdp&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/freerdp&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/freerdp&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/freerdp&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4pkg:rpm/suse/freerdp&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/freerdp&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3pkg:rpm/suse/freerdp&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP4pkg:rpm/suse/freerdp&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5pkg:rpm/suse/freerdp&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015pkg:rpm/suse/vinagre&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5
< 2.4.0-2.1+ 11 more
- (no CPE)range: < 2.4.0-2.1
- (no CPE)range: < 0.5.0-1.1
- (no CPE)range: < 2.0.0~git.1463131968.4e66df7-12.8.1
- (no CPE)range: < 2.0.0~git.1463131968.4e66df7-12.8.1
- (no CPE)range: < 2.0.0~git.1463131968.4e66df7-12.8.1
- (no CPE)range: < 2.0.0~git.1463131968.4e66df7-12.8.1
- (no CPE)range: < 2.1.2-12.20.1
- (no CPE)range: < 2.0.0~git.1463131968.4e66df7-12.8.1
- (no CPE)range: < 2.0.0~git.1463131968.4e66df7-12.8.1
- (no CPE)range: < 2.1.2-12.20.1
- (no CPE)range: < 2.0.0~rc4-3.3.1
- (no CPE)range: < 3.20.2-16.3.3
Patches
Vulnerability mechanics
References
6- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0886nvdPatchVendor Advisory
- blog.preempt.com/security-advisory-credsspnvdExploitThird Party Advisory
- www.exploit-db.com/exploits/44453/nvdExploitThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/103265nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1040506nvdThird Party AdvisoryVDB Entry
- ics-cert.us-cert.gov/advisories/ICSA-18-198-03nvdThird Party AdvisoryUS Government Resource
News mentions
0No linked articles in our index yet.