PT-2018-1810 · Microsoft · Windows 10 Servers+4
Published
2018-11-13
·
Updated
2019-10-03
·
CVE-2018-8584
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Windows Server 2016
Windows 10
Windows Server 2019
Windows 10 Servers
Description
The issue arises from improper handling of calls to Advanced Local Procedure Call (ALPC) in Windows, leading to an elevation of privilege. This can be exploited by an attacker using a specially crafted application to gain elevated privileges.
Recommendations
For Windows Server 2016, update to a version that includes the fix for this issue.
For Windows 10, update to a version that includes the fix for this issue.
For Windows Server 2019, update to a version that includes the fix for this issue.
For Windows 10 Servers, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to sensitive resources and implementing additional security measures to minimize the risk of exploitation.
Exploit
Fix
LPE
Improper Access Control
Time Of Check To Time Of Use
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Windows
Windows 10
Windows 10 Servers
Windows Server 2016
Windows Server 2019