The Windows ALPC security hole CVE-2018-8440 is now readily exploitable
One of this month’s security patches has taken on a more prominent position.
CVE-2018-8440 — the ALPC privilege escalation bug — has just been added to the Metasploit trove.
No, the sky isn’t falling. Yes, you’re going to see the ALPC exploit more frequently.
Remember, CVE-2018-8440 is a privilege escalation security hole, which means it only comes into play if your machine is already running an invasive program.
This just turns up the pressure to get this month’s patches installed. Which means I’m looking hard at the MS-DEFCON 2 setting, and cursing the fickle Win10 cumulative update gods, who gave us three cumulative updates in the past 10 days. The third of which may well be malfunctioning and pulled already.
No rest for the weary.
-
Details on the Task Scheduler ALPC zero-day
Kevin Beaumont (@GossiTheDog) just published an excellent overview of the newly touted ALPC zero-day in Task Scheduler. Complete with working exploit code.
The flaw is that the Task Scheduler API function SchRpcSetSecurity fails to check permissions. So anybody — even a guest — can call it and set file permissions on anything locally.
It’s a privilege escalation bug, allowing an offending program to leapfrog itself from running in user mode to take over the machine.
Catalin Cimpanu on Bleeping Computer posted the initial revelation from @SandboxEscaper, who posted original exploit code on GitHub, then deleted their Twitter account.
Nothing to worry about yet, but expect to see a fix for all versions of Windows before too long.