  • The Windows ALPC security hole CVE-2018-8440 is now readily exploitable


    This topic contains 9 replies, has 9 voices, and was last updated by  glnz 2 months, 1 week ago.

    • Author
      Posts
    • #218975 Reply

      woody
      Da Boss

      One of this month’s security patches has taken on a more prominent position. CVE-2018-8440 — the ALPC privilege escalation bug — has just been added
      [See the full post at: The Windows ALPC security hole CVE-2018-8440 is now readily exploitable]

      2 users thanked author for this post.
    • #218995 Reply

      anonymous

      Should the Win 7/8.1 users go ahead and install our security updates? The buggy Win10 cumulative updates obviously don’t affect us.

      • #219008 Reply

        PKCano
        AskWoody MVP

        WAIT for the DEFCON number to go to 3 or above.

        Woody is assessing the risks and will give the go-ahead with the DEFCON rating. At that time he will also post instructions on ComputerWorld.

        4 users thanked author for this post.
    • #219043 Reply

      Kirsty
      AskWoody MVP

      No rest for the weary.

      No rest for the Wary?!

      3 users thanked author for this post.
      • #219059 Reply

        Seff
        AskWoody Lounger

        I imagine Woody is probably also woozy by now!

        1 user thanked author for this post.
    • #219679 Reply

      glnz
      AskWoody Lounger

      “Which means I’m looking hard at the MS-DEFCON 2 setting” …

      Any update?

      Thanks.

    • #219680 Reply

      walker
      AskWoody Lounger

      @woody: Could you please tell me what this ALPC security hole CVE-2018-8440 is? There are so many acronyms I don’t understand a lot of what is being said. Thank you, as always, for all you do for us! It is sincerely appreciated and a Major accomplishment. 🙂

      • #219849 Reply

        Charlie
        AskWoody Lounger

        I looked up ALPC on Google and it’s very technical and has to do with wide area networks, etc. (my understanding). Too technical for me but you might want to give it a try.

        Win 7 Home Premium, x64, Intel i3-2120 3.3GHz, Group B

        • This reply was modified 2 months, 2 weeks ago by  Charlie.
      • #220082 Reply

        rc primak
        AskWoody MVP

        This has to do with the Windows Task Manager and related scheduled tasks.

        ALPC class

        https://docs.microsoft.com/en-us/windows/desktop/etw/alpc

        “This class is the parent class for advanced local procedure call events.”

        Windows Internals Guide

        The Client/Server Model

        Introduction

        https://community.tribelab.com/mod/book/view.php?id=628&chapterid=214

        ALPC can refer to the ALPC Class in the Microsoft Docs example, or Asynchronous Local Procedure Call, which is more complicated to explain.

        The vulnerability is in the Windows Task Manager’s Advanced Local Procedure Call routines.

        Beyond this, I would have to defer to some of the real experts around here as to who would be most affected, and what the level of risk is. Woody doesn’t seem to think it’s much of a threat to non-business users, as long as we aren’t currently infected or compromised by something else.

        We remain at MS DEFCON-2, so now is not the time to patch for this issue.

        -- rc primak

        • This reply was modified 2 months, 2 weeks ago by  rc primak.
    • #220588 Reply

      glnz
      AskWoody Lounger

      I got hit with the network connectivity problem on my Win 7 Pro 64-bit machine.

      About five days ago, I installed the two updates from Sept 11 because Susan showed them as OK on her patch list page, but about two days ago started having internet connectivity issues on reboots.

      So I uninstalled three or four items that “Installed Updates” were showing with September dates, and it seems I am now OK.

      Windows Updates is again showing me the same two items: KB 4457918 and KB 4457144.

      Obviously, I shall wait until Woody gives the all-clear.

      Thanks.
