Vulnerability Note VU#906424
Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the ALPC interface
Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the Advanced Local Procedure Call (ALPC) interface, which can allow a local user to obtain SYSTEM privileges.
The Microsoft Windows task scheduler SchRpcSetSecurity API contains a vulnerability in the handling of ALPC, which can allow an authenticated user to overwrite the contents of a file that should be protected by filesystem ACLs. This can be leveraged to gain SYSTEM privileges. We have confirmed that the public exploit code works on 64-bit Windows 10 and Windows Server 2016 systems. We have also confirmed compatibility with 32-bit Windows 10 with minor modifications to the public exploit code. Compatibility with other Windows versions is possible with further modifications.
This vulnerability is being exploited in the wild.
An authenticated local user may be able to gain elevated (SYSTEM) privileges.
Apply an update
Deploy Microsoft Sysmon Detection Rules
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft||Affected||27 Aug 2018||11 Sep 2018|
CVSS Metrics (Learn More)
This issue was publicly disclosed by SandboxEscaper.
This document was written by Will Dormann.
- CVE IDs: CVE-2018-8440
- Date Public: 27 Aug 2018
- Date First Published: 27 Aug 2018
- Date Last Updated: 13 Sep 2018
- Document Revision: 67
If you have feedback, comments, or additional information about this vulnerability, please send us email.