Cyber Resilience

CVE-2018-8440

High · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC · Ransomware-linked

Published: 13 September 2018

Modified: 28 October 2025
KEV Added: 28 March 2022
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.7419 (98.9th percentile)
Risk Priority: 80 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2018-8440 is a high-severity vulnerability (weakness unspecified) in Microsoft Windows Server 2008. Its CVSS base score is 7.8 (High).

Operationally, it is ranked in the top 1.1% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

An elevation of privilege vulnerability exists in Windows when the operating system improperly handles calls to Advanced Local Procedure Call (ALPC). Tracked as CVE-2018-8440, the flaw affects Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows 10, and Windows 10 Servers.

A local attacker with low privileges can exploit the issue without user interaction to obtain elevated rights on the target system, resulting in high impact to confidentiality, integrity, and availability.

Microsoft has published security guidance addressing the vulnerability through its advisory portal, while micropatch approaches have also been developed and compared for environments where standard updates may require additional measures.

EU & UK References

Vulnerability details

An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

CWE(s)
KEV Date Added: 28 March 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor | Product | Versions
microsoft | windows 10 1607 | all versions
microsoft | windows 10 1703 | all versions
microsoft | windows 10 1709 | all versions
microsoft | windows 10 1803 | all versions
microsoft | windows 7 | all versions
microsoft | windows 8.1 | all versions
microsoft | windows rt 8.1 | all versions
microsoft | windows server 2008 | all versions, r2
microsoft | windows server 2012 | all versions, r2
microsoft | windows server 2016 | all versions

Mitigating Controls (NIST 800-53 r5)

prevent: Directly enforces access control policy on ALPC calls so a low-privileged caller cannot obtain elevated rights.

prevent: Requires that Windows components and user processes operate with only the privileges needed, blocking the elevation path exploited by CVE-2018-8440.

prevent: Mandates prompt installation of the Microsoft patches that correct the flawed ALPC handling in affected Windows versions.

References