CVE-2018-0886

EPSS 91.00% · P100 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2018-0886

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

The Credential Security Support Provider protocol (CredSSP) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709 Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how CredSSP validates request during the authentication process, aka "CredSSP Remote Code Execution Vulnerability".

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Microsoft Credential Security Support Provider protocol 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Microsoft Windows 10等都是美国微软（Microsoft）公司发布的一系列操作系统。Credential Security Support Provider protocol（CredSSP）是其中的一个凭据安全支持提供协议。 Microsoft CredSSP中存在远程代码执行漏洞。远程攻击者可利用该漏洞在目标系统上中继用户凭据并执行代码。以下系统版本受到影响：Microsoft Windows 10，Windows 10版本1511，Windows 10版本1607，Windows

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Microsoft Corporation	Windows	Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709 Windows Server 2016 and Windows Server, version 1709	-

II. Public POCs for CVE-2018-0886

#	POC Description	Source Link	Shenlong Link
1	A code demonstrating CVE-2018-0886	https://github.com/preempt/credssp	POC Details
2	远程执行代码漏洞CVE-2018-0886漏洞修复资源下载免费下载	https://github.com/andychao/Remote_code_execution_vulnerability_CVE-2018-0886_vulnerability_fixing_resources_download	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2018-0886

请登录查看更多情报信息。

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0886x_refsource_CONFIRM
https://github.com/preempt/credsspx_refsource_MISC
https://blog.preempt.com/security-advisory-credsspx_refsource_MISC
https://ics-cert.us-cert.gov/advisories/ICSA-18-198-03x_refsource_MISC
https://www.exploit-db.com/exploits/44453/exploitx_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/103265vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1040506vdb-entryx_refsource_SECTRACK
https://nvd.nist.gov/vuln/detail/CVE-2018-0886

Same Patch Batch · Microsoft Corporation · 2018-03-14 · 74 CVEs total

CVE-2018-0916		Microsoft Project Server和SharePoint Enterprise Server 权限许可和访问控制问题漏洞
CVE-2018-0940		Microsoft Exchange Outlook Web Access 权限许可和访问控制问题漏洞
CVE-2018-0926		Microsoft Windows kernel 信息泄露漏洞
CVE-2018-0925		Microsoft ChakraCore 缓冲区错误漏洞
CVE-2018-0924		Microsoft Exchange Server 信息泄露漏洞
CVE-2018-0923		Microsoft SharePoint Enterprise Server 权限许可和访问控制问题漏洞
CVE-2018-0922		Microsoft Office 缓冲区错误漏洞
CVE-2018-0921		Microsoft SharePoint Enterprise Server 权限许可和访问控制问题漏洞
CVE-2018-0919		Microsoft Office 信息泄露漏洞
CVE-2018-0917		Microsoft SharePoint Enterprise Server 权限许可和访问控制问题漏洞
CVE-2018-0927		Microsoft Internet Explorer和Edge 信息泄露漏洞
CVE-2018-0915		Microsoft Project Server和SharePoint Enterprise Server 权限许可和访问控制问题漏洞
CVE-2018-0914		Microsoft Project Server和SharePoint Enterprise Server 权限许可和访问控制问题漏洞
CVE-2018-0913		Microsoft Project Server和SharePoint Enterprise Server 权限许可和访问控制问题漏洞
CVE-2018-0912		Microsoft Project Server和SharePoint Enterprise Server 权限许可和访问控制问题漏洞
CVE-2018-0911		Microsoft Project Server和SharePoint Enterprise Server 权限许可和访问控制问题漏洞
CVE-2018-0910		Microsoft Project Server和SharePoint Enterprise Server 权限许可和访问控制问题漏洞
CVE-2018-0909		Microsoft Project Server和SharePoint Enterprise Server 权限许可和访问控制问题漏洞
CVE-2018-0907		Microsoft Office 安全漏洞
CVE-2018-0904		Microsoft Windows kernel 信息泄露漏洞

Showing top 20 of 74 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Windows

Same vendor: Microsoft Corporation

V. Comments for CVE-2018-0886

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2018-0886

I. Basic Information for CVE-2018-0886

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Shenlong Deep Dive — AI Deep Analysis

Affected Products

II. Public POCs for CVE-2018-0886

III. Intelligence Information for CVE-2018-0886

Same Patch Batch · Microsoft Corporation · 2018-03-14 · 74 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2018-0886

Leave a comment