⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions.. Due date: 2022-04-18.
CVE-2018-8440 — Microsoft Windows 10 vulnerability
13 documents9 sources
Severity
7.8HIGHNVD
EPSS
75.4%
top 1.11%
CISA KEV
KEVRansomware
Added 2022-03-28
Due 2022-04-18
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
PublishedSep 13
KEV addedMar 28
KEV dueApr 18
Latest updateMay 13
CISA Required Action: Apply updates per vendor instructions.
Description
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages11 packages
▶CVEListV5microsoft/windows_server_2008_r2Itanium-Based Systems Service Pack 1, x64-based Systems Service Pack 1, x64-based Systems Service Pack 1 (Server Core installation)+2
▶CVEListV5microsoft/windows_10_serversversion 1709 (Server Core Installation), version 1803 (Server Core Installation)+1
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-jw7v-w46m-p6pp: An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevat↗2022-05-13
CVEList▶
CVE-2018-8440: An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevat↗2018-09-13