• The Windows ALPC security hole CVE-2018-8440 is now readily exploitable

    #218975

    One of this month’s security patches has taken on a more prominent position. CVE-2018-8440 — the ALPC privilege escalation bug — has just been added
    [See the full post at: The Windows ALPC security hole CVE-2018-8440 is now readily exploitable]

    2 users thanked author for this post.
    • #218995

      Should the Win 7/8.1 users go ahead and install our security updates? The buggy Win10 cumulative updates obviously don’t affect us.

      • #219008

        WAIT for the DEFCON number to go to 3 or above.

        Woody is assessing the risks and will give the go-ahead with the DEFCON rating. At that time he will also post instructions on ComputerWorld.

        4 users thanked author for this post.
    • #219043

      No rest for the weary.

      No rest for the Wary?!

      3 users thanked author for this post.
      • #219059

        I imagine Woody is probably also woozy by now!

        1 user thanked author for this post.
    • #219679

      “Which means I’m looking hard at the MS-DEFCON 2 setting” …

      Any update?

      Thanks.

    • #219680

      @Woody:  Could you please tell me what this ALPC security hole CVE-2018-8440 is?  There are so many acronyms I don’t understand a lot of what is being said.   Thank you, as always, for all you do for us!   It is sincerely appreciated and a Major accomplishment.     🙂

      • #219849

        I looked up ALPC on Google and it’s very technical and has to do with wide area networks, etc. (my understanding).  Too technical for me but you might want to give it a try.

        Being 20 something in the 70's was so much better than being 70 something in the insane 20's
      • #220082

        This has to do with the Windows Task Manager and related scheduled tasks.

        ALPC class

        https://docs.microsoft.com/en-us/windows/desktop/etw/alpc

        “This class is the parent class for advanced local procedure call events.”

        Windows Internals Guide

        The Client/Server Model

        Introduction

        https://community.tribelab.com/mod/book/view.php?id=628&chapterid=214

        ALPC can refer to the ALPC Class in the Microsoft Docs example, or Asynchronous Local Procedure Call, which is more complicated to explain.

        The vulnerability is in the Windows Task Manager’s Advanced Local Procedure Call routines.

        Beyond this, I would have to defer to some of the real experts around here as to who would be most affected, and what the level of risk is. Woody doesn’t seem to think it’s much of a threat to non-business users, as long as we aren’t currently infected or compromised by something else.

        We remain at MS DEFCON-2, so now is not the time to patch for this issue.

        -- rc primak

    • #220588

      I got hit with the network connectivity problem on my Win 7 Pro 64-bit machine.

      About five days ago, I installed the two updates from Sept 11 because Susan showed them as OK on her patch list page, but about two days ago started having internet connectivity issues on reboots.

      So I uninstalled three or four items that “Installed Updates” was showing with September dates, and it seems I am now OK.

      Windows Updates is again showing me the same two items: KB 4457918 and KB 4457144.

      Obviously, I shall wait until Woody gives the all-clear.

      Thanks.
