VDB
CVE-2018-8440
CVE-2018-8440
PUBLISHED
KEV
CVSS 7.199999809265137 HIGH
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
EPSS 74.19% · 98.9th percentile
Risk Scores
CVSS 2.0
7.199999809265137
EPSS Score
74.19%
98.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows Server 2008 | 32-bit Systems Service Pack 2 (Server Core installation), Itanium-Based Systems Service Pack 2, x64-based Systems Service Pack 2 |
| microsoft | windows_10_1703 | |
| microsoft | windows_7 | |
| microsoft | windows_10_1803 | |
| Microsoft | Windows Server 2016 | * |
| Microsoft | Windows Server 2008 R2 | x64-based Systems Service Pack 1 (Server Core installation), x64-based Systems Service Pack 1, Itanium-Based Systems Service Pack 1 |
| Microsoft | Windows 8.1 | x64-based systems, 32-bit systems |
| microsoft | windows_10_1607 | |
| microsoft | windows_server_2008 | r2 |
| Microsoft | Windows 7 | x64-based Systems Service Pack 1, * |
| microsoft | windows_server_2012 | r2 |
| microsoft | windows_10_1709 | |
| Microsoft | Windows RT 8.1 | Windows RT 8.1 |
| Microsoft | Windows 10 | *, 32-bit Systems, Version 1607 for 32-bit Systems |
| microsoft | windows_rt_8.1 | |
| Microsoft | Windows Server 2012 | * |
| Microsoft | Windows Server 2012 R2 | (Server Core installation) |
| Microsoft | Windows 10 Servers | *, version 1803 (Server Core Installation) |
| microsoft | windows_server_2016 | |
| microsoft | windows_8.1 |
Timeline
- Sep 12, 2018 PoC Published
- Sep 13, 2018 CVE Published
- Sep 21, 2018 PoC Published
- Sep 22, 2018 PoC Published
- Oct 11, 2018 PoC Published
- Apr 14, 2021 EPSS Score
- Sep 14, 2021 EPSS Score
- Sep 16, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Mar 9, 2022 EPSS Score
- Mar 28, 2022 CISA KEV Added
- Mar 7, 2023 EPSS Score
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8440 url
- https://blog.0patch.com/2018/09/comparing-our-micropatch-with.html url
- https://blog.0patch.com/2018/08/how-we-micropatched-publicly-dropped.html url
- 1041578 vdb
- 105153 vdb
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-8440 url
- https://portal.msrc.microsoft.com/fr-FR/security-guidance advisory
- https://nvd.nist.gov/vuln/detail/CVE-2018-8440 advisory