CVE-2018-8440

Name of the Vulnerable Software and Affected Versions Windows 7 Windows Server 2012 R2 Windows RT 8.1 Windows Server 2008 Windows Server 2012 Windows 8.1 Windows Server 2016 Windows Server 2008 R2 Windows 10 Windows 10 Servers

Description The issue is related to an elevation of privilege vulnerability when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). This vulnerability is associated with insufficient access restrictions in the SchRpcSetSecurity function of the ALPC interface. Exploitation of this vulnerability may allow an attacker to execute malicious code with SYSTEM privileges using a specially crafted library.

Recommendations For Windows 7, apply the recommended patch to fix the vulnerability. For Windows Server 2012 R2, apply the recommended patch to fix the vulnerability. For Windows RT 8.1, apply the recommended patch to fix the vulnerability. For Windows Server 2008, apply the recommended patch to fix the vulnerability. For Windows Server 2012, apply the recommended patch to fix the vulnerability. For Windows 8.1, apply the recommended patch to fix the vulnerability. For Windows Server 2016, apply the recommended patch to fix the vulnerability. For Windows Server 2008 R2, apply the recommended patch to fix the vulnerability. For Windows 10, apply the recommended patch to fix the vulnerability. For Windows 10 Servers, apply the recommended patch to fix the vulnerability. As a temporary workaround, consider restricting access to the SchRpcSetSecurity function until a patch is available.