CyberSec.Space Logo
CVEブラウザに戻る

CVE-2018-8440

Known Exploited (CISA KEV)HIGH
7.8
CVSS Severity Score
EPSS Score35.5870%
EPSS Percentile93.67th
Published2018年9月13日
Last Modified2025年10月28日

Vulnerability Description

An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

Affected Platforms (CPE)

💻
Microsoft

Windows 10 1607

All versions
💻
Microsoft

Windows 10 1703

All versions
💻
Microsoft

Windows 10 1709

All versions
💻
Microsoft

Windows 10 1803

All versions
💻
Microsoft

Windows 7

All versions
💻
Microsoft

Windows 8.1

All versions
💻
Microsoft

Windows Rt 8.1

All versions
💻
Microsoft

Windows Server 2008

All versions
💻
Microsoft

Windows Server 2008

= r2
💻
Microsoft

Windows Server 2012

All versions
💻
Microsoft

Windows Server 2012

= r2
💻
Microsoft

Windows Server 2016

All versions

References & Advisories

🔗 http://www.securityfocus.com/bid/105153
🔗 http://www.securitytracker.com/id/1041578
🔗 https://blog.0patch.com/2018/08/how-we-micropatched-publicly-dropped.html
🔗 https://blog.0patch.com/2018/09/comparing-our-micropatch-with.html
🔗 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8440
🔗 http://www.securityfocus.com/bid/105153
🔗 http://www.securitytracker.com/id/1041578
🔗 https://blog.0patch.com/2018/08/how-we-micropatched-publicly-dropped.html

関連する脆弱性情報

CVE-2017-85899.8

Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 1...

CVE-2017-85439.8

Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R...

CVE-2016-71829.8

The Graphics component in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Ser...

CVE-2017-117719.8

The Microsoft Windows Search component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server...