CVE-2018-8440
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- March 14, 2018
- Published Date
- September 13, 2018
- Last Updated
- February 07, 2025
- Vendor
- Microsoft
- Product
- Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers
- Description
- An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
CVSS Scores
CVSS v3.1
7.8 - HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SSVC Information
- Exploitation
- active
- Technical Impact
- total
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8440
https://blog.0patch.com/2018/09/comparing-our-micropatch-with.html
https://blog.0patch.com/2018/08/how-we-micropatched-publicly-dropped.html
http://www.securitytracker.com/id/1041578
http://www.securityfocus.com/bid/105153
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2022-03-28 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/alpc_taskscheduler.rb | 2025-04-29 11:01:40 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
alpc_taskscheduler
Type: metasploit • Created: Unknown
Metasploit module for CVE-2018-8440
sourceincite/CVE-2018-8440
Type: github • Created: 2018-10-31 17:00:43 UTC • Stars: 79
CVE-2018-8440 standalone exploit