CVE-2018-8440: Microsoft Windows Privilege Escalation Vulnerability
First published: Thu Sep 13 2018(Updated: )
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Credit: secure@microsoft.com secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Windows 10 | ||
| Windows 10 | =1607 | |
| Windows 10 | =1703 | |
| Windows 10 | =1709 | |
| Windows 10 | =1803 | |
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows | ||
| Microsoft Windows RT | ||
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =r2-sp1 | |
| Microsoft Windows Server | ||
| Microsoft Windows Server | =r2 | |
| Microsoft Windows Server 2016 | ||
| Microsoft Windows Server 2016 | =1709 | |
| Microsoft Windows Server 2016 | =1803 | |
| Microsoft Windows Operating System | ||
| Microsoft Windows 10 | ||
| Microsoft Windows 10 | ||
| Microsoft Windows 10 | ||
| Microsoft Windows 10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/105153
- http://www.securitytracker.com/id/1041578
- https://blog.0patch.com/2018/08/how-we-micropatched-publicly-dropped.html
- https://blog.0patch.com/2018/09/comparing-our-micropatch-with.html
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8440
- https://nvd.nist.gov/vuln/detail/CVE-2018-8440
Frequently Asked Questions
What is the severity of CVE-2018-8440?
CVE-2018-8440 has a severity rating of 'Important' as it allows for elevation of privilege in Windows.
How do I fix CVE-2018-8440?
To fix CVE-2018-8440, you should apply the latest security updates provided by Microsoft.
What versions of Windows are affected by CVE-2018-8440?
CVE-2018-8440 affects multiple versions including Windows 7, Windows 8.1, Windows 10, and Windows Server variants.
Can I exploit CVE-2018-8440 remotely?
Exploitation of CVE-2018-8440 requires local access to the system, so it is not a remote exploit.
What are the potential impacts of CVE-2018-8440?
Successful exploitation of CVE-2018-8440 could allow an attacker to run arbitrary code with elevated system privileges.
- agent/type
- agent/remedy
- agent/description
- agent/title
- agent/first-publish-date
- agent/references
- agent/author
- agent/source
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/event
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- exploited/true
- ransomware/true
- collector/cisa-known-exploited
- source/CISA
- agent/tags
- agent/last-modified-date
- agent/softwarecombine
- collector/nvd-api
- vendor/microsoft
- canonical/windows 10
- version/windows 10/1607
- version/windows 10/1703
- version/windows 10/1709
- version/windows 10/1803
- canonical/microsoft windows 7
- version/microsoft windows 7/sp1
- canonical/microsoft windows
- canonical/microsoft windows rt
- canonical/microsoft windows server
- version/microsoft windows server/sp2
- version/microsoft windows server/r2-sp1
- version/microsoft windows server/r2
- canonical/microsoft windows server 2016
- version/microsoft windows server 2016/1709
- version/microsoft windows server 2016/1803
- canonical/microsoft windows operating system
- canonical/microsoft windows 10