• The Windows ALPC security hole CVE-2018-8440 is now readily exploitable

    One of this month’s security patches has taken on a more prominent position.

    CVE-2018-8440 — the ALPC privilege escalation bug — has just been added to the Metasploit trove.

    No, the sky isn’t falling. Yes, you’re going to see the ALPC exploit more frequently.

    Remember, CVE-2018-8440 is a privilege escalation security hole, which means it only comes into play if your machine is already running an invasive program.

    This just turns up the pressure to get this month’s patches installed. Which means I’m looking hard at the MS-DEFCON 2 setting, and cursing the fickle Win10 cumulative update gods, who gave us three cumulative updates in the past 10 days. The third of which may well be malfunctioning and pulled already.

    No rest for the weary.