CVE-2018-8440

An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

Published: Sep 13, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-8440
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / windows_server_2012	r2	r2.x
microsoft / windows_server_2008	--sp2	--sp2.x
microsoft / windows_server_2008	r2-sp1	r2-sp1.x
microsoft / windows_7	--sp1	--sp1.x

http://www.securityfocus.com/bid/105153
http://www.securitytracker.com/id/1041578
https://blog.0patch.com/2018/08/how-we-micropatched-publicly-dropped.html
https://blog.0patch.com/2018/09/comparing-our-micropatch-with.html
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8440

Vulnerability Database

289,571

CVE-2018-8440