The Windows ALPC security hole CVE-2018-8440 is now readily exploitable

[woodyDa Boss]

One of this month’s security patches has taken on a more prominent position. CVE-2018-8440 — the ALPC privilege escalation bug — has just been added
[See the full post at: The Windows ALPC security hole CVE-2018-8440 is now readily exploitable]

2 users thanked author for this post.

Noel Carboni, Elly

[anonymous]

Should the win 7/8.1 users go ahead install our security updates? The buggy Win10 cumulative updates obviously don’t affect us.

[PKCanoAskWoody MVP]

WAIT for the DEFCON number to go to 3 or above.

Woody is assessing the risks and will give the g0-ahead with the DEFCON rating. At that time he will also post instructions on ComputerWorld.

4 users thanked author for this post.

walker, woody, Elly, SueW

[KirstyAskWoody MVP]

No rest for the weary.

No rest for the Wary?!

3 users thanked author for this post.

Noel Carboni, Elly, woody

[SeffAskWoody Lounger]

I imagine Woody is probably also woozy by now!

1 user thanked author for this post.

woody

[glnzAskWoody Lounger]

“Which means I’m looking hard at the MS-DEFCON 2 setting” …

Any update?

Thanks.

[walkerAskWoody Lounger]

@woody:  Could you please tell me what this ALPC security hole CVE-2018-8440 is?  There are so many acronyms I don’t understand a lot of what is being said.   Thank you, as always, for all you do for us!   It is sincerely appreciated and a Major accomplishment.     🙂
<h2></h2>

[CharlieAskWoody Lounger]

I looked up ALPC on Google and it’s very technical and has to do with wide area networks, etc. (my understanding).  Too technical for me but you might want to give it a try.

Win 7 Home Premium, x64, Intel i3-2120 3.3GHz, Group B

• This reply was modified 2 months, 2 weeks ago by  Charlie.

[rc primakAskWoody MVP]

This has to do with the Windows Task Manager and related scheduled tasks.

ALPC class

https://docs.microsoft.com/en-us/windows/desktop/etw/alpc

“This class is the parent class for advanced local procedure call events.”

Windows Internals Guide

The Client/Server Model

Introduction

https://community.tribelab.com/mod/book/view.php?id=628&chapterid=214

ALPC can refer to the ALPC Class in the Microsoft Docs example, or Asynchronous Local Procedure Call, which is more complicated to explain.

The vulnerability is in the Windows Task Manager’s Advanced Local Procedure Call routines.

Beyond this, I would have to defer to some of the real experts around here as to who would be most affected, and what the level of risk is. Woody doesn’t seem to think it’s much of a threat to non-business users, as long as we aren’t currently infected or compromised by something else.

We remain at MS DEFCON-2, so now is not the time to patch for this issue.

-- rc primak

• This reply was modified 2 months, 2 weeks ago by  rc primak.

[glnzAskWoody Lounger]

I got hit with the network connectivity problem on my Win 7 Pro 64-bit machine.

About five days ago, I installed the two updates from Sept 11 because Susan showed them as OK on her patch list page, but about two days ago started having internet connectivity issues on reboots.

SO I uninstalled three or four items that “Installed Updates” were showing with September dates, and it seems I am now OK.

Windows Updates is again showing me the same two items: KB 4457918 and KB 4457144.

Obviously, I shall wait until Woody gives the all-clear.

Thanks.

[Author]

Posts