Is CVE-2018-0886 known to be exploited?

27 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Microsoft Corporation Windows

CVE-2018-0886

The Credential Security Support Provider protocol (CredSSP) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709 Windows Server 2016…

EPSS: 0.910 (99.7th percentile) — read the EPSS interpretation.

Affected products

Microsoft Corporation Windows — versions Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709 Windows Server 2016 and Windows Server, version 1709

Public proof-of-concept exploits

References

1040506 (vdb-entry, x_refsource_SECTRACK)
103265 (vdb-entry, x_refsource_BID)
ics-cert.us-cert.gov/advisories/ICSA-18-198-03 (x_refsource_MISC)
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0886 (x_refsource_CONFIRM)
blog.preempt.com/security-advisory-credssp (x_refsource_MISC)
44453 (exploit, x_refsource_EXPLOIT-DB)
github.com/preempt/credssp (x_refsource_MISC)

Frequently asked questions

What is CVE-2018-0886?: CVE-2018-0886 is a vulnerability in Microsoft Corporation Windows. Published 2018-03-14.
Is CVE-2018-0886 known to be exploited?: 27 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.