VDB

CVE-2018-8440

CVE-2018-8440 PUBLISHED KEV CVSS 7.199999809265137 HIGH

An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

EPSS 74.19% · 98.9th percentile

Risk Scores

CVSS 2.0
7.199999809265137
EPSS Score
74.19%
98.9th percentile

Affected Products

VendorProductVersions
MicrosoftWindows Server 200832-bit Systems Service Pack 2 (Server Core installation), Itanium-Based Systems Service Pack 2, x64-based Systems Service Pack 2
microsoftwindows_10_1703
microsoftwindows_7
microsoftwindows_10_1803
MicrosoftWindows Server 2016*
MicrosoftWindows Server 2008 R2x64-based Systems Service Pack 1 (Server Core installation), x64-based Systems Service Pack 1, Itanium-Based Systems Service Pack 1
MicrosoftWindows 8.1x64-based systems, 32-bit systems
microsoftwindows_10_1607
microsoftwindows_server_2008r2
MicrosoftWindows 7x64-based Systems Service Pack 1, *
microsoftwindows_server_2012r2
microsoftwindows_10_1709
MicrosoftWindows RT 8.1Windows RT 8.1
MicrosoftWindows 10*, 32-bit Systems, Version 1607 for 32-bit Systems
microsoftwindows_rt_8.1
MicrosoftWindows Server 2012*
MicrosoftWindows Server 2012 R2(Server Core installation)
MicrosoftWindows 10 Servers*, version 1803 (Server Core Installation)
microsoftwindows_server_2016
microsoftwindows_8.1

Timeline

  • Sep 12, 2018 PoC Published
  • Sep 13, 2018 CVE Published
  • Sep 21, 2018 PoC Published
  • Sep 22, 2018 PoC Published
  • Oct 11, 2018 PoC Published
  • Apr 14, 2021 EPSS Score
  • Sep 14, 2021 EPSS Score
  • Sep 16, 2021 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Mar 9, 2022 EPSS Score
  • Mar 28, 2022 CISA KEV Added
  • Mar 7, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›