7.8

CVE-2018-8440

Warnung
Exploit
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftWindows 10 1607 Version-
MicrosoftWindows 10 1703 Version-
MicrosoftWindows 10 1709 Version-
MicrosoftWindows 10 1803 Version-
MicrosoftWindows 7 Version- Updatesp1
MicrosoftWindows 8.1 Version-
MicrosoftWindows Rt 8.1 Version-
MicrosoftWindows Server 2008 Version- Updatesp2
MicrosoftWindows Server 2008 Versionr2 Updatesp1

28.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Windows Privilege Escalation Vulnerability

Schwachstelle

An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 18.39% 0.969
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.securityfocus.com/bid/105153
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1041578
Third Party Advisory
VDB Entry
https://blog.0patch.com/2018/08/how-we-micropatched-publicly-dropped.html
Patch
Third Party Advisory
Exploit
https://blog.0patch.com/2018/09/comparing-our-micropatch-with.html
Third Party Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8440
Patch
Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-8440
US Government Resource