Microsoft has released a security advisory addressing a kernel-level privilege escalation vulnerability affecting Microsoft Windows 7 (x64) and Server 2008 R2 (x64). An authenticated attacker could exploit this vulnerability by running malicious code in kernel mode.
Reports indicate that proof-of-concept exploit code is available on the Internet.
A successful attack could lead to arbitrary code execution, elevation of privilege, or takeover of affected systems.
Patches for affected products are available from Windows Update or the Microsoft Update Catalog:
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4100480
Users of affected systems should follow the recommendations provided by the product vendor and take immediate action to mitigate the risk.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1038
https://www.hkcert.org/my_url/en/alert/18040302
https://www.us-cert.gov/ncas/current-activity/2018/03/29/Microsoft-Release-Patch-Windows-7-and-Windows-Server-2008-R2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1038