Known Exploited Vulnerability: CVE-2018-8639

Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability

CVE detail

Catalog version: 2026.06.25 Date added: 2025-03-03 Due date: 2025-03-24 CISA catalog

Product: Windows

Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known ransomware campaign use: Known

Notes: https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2018-8639 https://nvd.nist.gov/vuln/detail/CVE-2018-8639

CWEs

CWE-404 MITRE ↗

cvelogic Threat Intelligence