Vulnerability Details : CVE-2018-8440
Public exploit exists!
Used for ransomware!
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Vulnerability category: Gain privilege
Products affected by CVE-2018-8440
- cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10_1703:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:*:*
CVE-2018-8440 is in the CISA Known Exploited Vulnerabilities Catalog
This issue is known to have been leveraged as part of a ransomware campaign.
CISA vulnerability name:
Microsoft Windows Privilege Escalation Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2018-8440
Added on
2022-03-28
Action due date
2022-04-18
Exploit prediction scoring system (EPSS) score for CVE-2018-8440
75.19%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2018-8440
-
Microsoft Windows ALPC Task Scheduler Local Privilege Elevation
Disclosure Date: 2018-08-27First seen: 2020-04-26exploit/windows/local/alpc_taskschedulerOn vulnerable versions of Windows the alpc endpoint method SchRpcSetSecurity implemented by the task scheduler service can be used to write arbitrary DACLs to `.job` files located in `c:\windows\tasks` because the scheduler does not use impersonation when checking this
CVSS scores for CVE-2018-8440
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
|
7.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST | |
|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-02-07 |
|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST | 2025-04-08 |
References for CVE-2018-8440
-
https://blog.0patch.com/2018/08/how-we-micropatched-publicly-dropped.html
0patch Blog: How We Micropatched a Publicly Dropped 0day in Task Scheduler (CVE-2018-8440)Exploit;Patch;Third Party Advisory
-
http://www.securitytracker.com/id/1041578
Microsoft Windows ALPC Access Control Flaw Lets Local Users Obtain System Privileges - SecurityTrackerThird Party Advisory;VDB Entry
-
https://blog.0patch.com/2018/09/comparing-our-micropatch-with.html
0patch Blog: Comparing Our Micropatch With Microsoft's Official Patch For CVE-2018-8440Third Party Advisory
-
http://www.securityfocus.com/bid/105153
Microsoft Windows Task Scheduler ALPC Interface Local Privilege Escalation VulnerabilityThird Party Advisory;VDB Entry
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8440
CVE-2018-8440 | Windows ALPC Elevation of Privilege VulnerabilityPatch;Vendor Advisory
Jump to