{"vulnerability": "CVE-2018-8440", "sightings": [{"uuid": "765ef3c4-6903-4481-9ded-decb3c522287", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-8440", "type": "seen", "source": "MISP/5bbf6053-1030-42b8-a9c7-4f460a021402", "content": "", "creation_timestamp": "2018-10-11T14:50:02.000000Z"}, {"uuid": "8bdd01c7-c36a-4ea2-bb02-ba0b59cf050f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-8440", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:03.000000Z"}, {"uuid": "af0aacef-ed51-4115-99f2-80083b9c6385", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-8440", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971479", "content": "", "creation_timestamp": "2024-12-24T20:29:55.594377Z"}, {"uuid": "b132b4d1-8545-46d3-8c12-d67c11e5aa90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-8440", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:43.000000Z"}, {"uuid": "51878e18-da97-4cb0-8715-664940fe3d6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-8440", "type": "published-proof-of-concept", "source": "https://t.me/ctinow/2319", "content": "RT @0patch: Comparing Our Micropatch With Microsoft's Official Patch For CVE-2018-8440 https://t.co/8jRsMIt31E http://twitter.com/BleepinComputer/status/1039682847588708352", "creation_timestamp": "2018-09-12T03:14:09.000000Z"}, {"uuid": "006ab3e4-80e5-4a8e-b2f4-ca1743975d4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-8440", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:21.000000Z"}, {"uuid": "cd905ff2-1bd8-47f5-aff2-bd3502eef9fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-8440", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/alpc_taskscheduler.rb", "content": "", "creation_timestamp": "2018-09-21T20:46:19.000000Z"}, {"uuid": "ea3849c1-43c6-40b6-99aa-263e4fe60e9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-8440", "type": "seen", "source": "MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d", "content": "", "creation_timestamp": "2025-08-31T03:00:49.000000Z"}, {"uuid": "5eecb73d-4e73-46a4-9959-3348e7fe55d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2018-8440", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/d755fe9f-716c-46a9-8e0a-e4d872e4c82f", "content": "", "creation_timestamp": "2026-02-02T12:27:55.793913Z"}, {"uuid": "58af9445-e847-4cf7-a885-967b4fdd54c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-8440", "type": "seen", "source": "https://t.me/mikrotikninja/266", "content": "\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Microsoft \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0437\u0430\u043a\u0440\u044b\u0432\u0430\u044e\u0449\u0438\u0435 63 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043e\u0442\u043d\u043e\u0441\u044f\u0449\u0438\u0435\u0441\u044f \u043a \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u043c Microsoft Windows, Microsoft Edge, Internet Explorer, Office, SharePoint Server, .NET Framework, ASP NET Core, ChakraCore, Azure IoT SDK \u0438 Adobe Flash Player. \n\n17 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0438 \u0441\u0442\u0430\u0442\u0443\u0441 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445. \u0421\u0430\u043c\u043e\u0439 \u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u0431\u0440\u0435\u0448\u044c\u044e, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0442\u0435\u043f\u0435\u0440\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430, \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f CVE-2018-8440. \u041e\u043d\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0436\u0435 \u043f\u0440\u0438\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u043d\u0430 \u043c\u0430\u0448\u0438\u043d\u0435 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u0443 \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0430\u0432\u0430 \u0434\u043e SYSTEM \u0447\u0435\u0440\u0435\u0437 \u043f\u043b\u0430\u043d\u0438\u0440\u043e\u0432\u0449\u0438\u043a \u0437\u0430\u0434\u0430\u0447.\n\n\u0417\u0430\u043f\u0438\u0441\u044c \u0432\u0435\u0431\u0438\u043d\u0430\u0440\u0430 September Security Briefing Call - EMEA Russia \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u0430 \u0437\u0434\u0435\u0441\u044c.\n\n\u0410\u043a\u0442\u0443\u0430\u043b\u044c\u043d\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u0445 \u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f\u0445 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043d\u0430 \u043f\u043e\u0440\u0442\u0430\u043b\u0435 Security Update Guide.", "creation_timestamp": "2018-09-12T16:33:05.000000Z"}, {"uuid": "d6472df7-5624-4a08-8aa1-fbff43b13b60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-8440", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:09.000000Z"}, {"uuid": "0f55f534-c2ef-4c09-9071-43ae99a427ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2018-8440", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=321", "content": "", "creation_timestamp": "2018-09-12T04:00:00.000000Z"}, {"uuid": "c4e23a40-6f4c-4426-8ac3-6a0cbe1356a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-8440", "type": "exploited", "source": "https://t.me/CyberGovIL/13", "content": "\u05e6\u05d4\u05e8\u05d9\u05d9\u05dd \u05d8\u05d5\u05d1\u05d9\u05dd,\n\n\u05de\u05e6\"\u05d1 \u05e1\u05e7\u05d9\u05e8\u05d4 \u05d0\u05d5\u05d3\u05d5\u05ea \u05e2\u05d3\u05db\u05d5\u05df \u05d0\u05d1\u05d8\u05d7\u05d4 \u05d7\u05d5\u05d3\u05e9\u05d9 \u05e9\u05dc \u05de\u05d9\u05e7\u05e8\u05d5\u05e1\u05d5\u05e4\u05d8.\n\u05d1-11 \u05dc\u05d7\u05d5\u05d3\u05e9 \u05e4\u05e8\u05e1\u05de\u05d4 \u05de\u05d9\u05e7\u05e8\u05d5\u05e1\u05d5\u05e4\u05d8 \u05db- 60 \u05e2\u05d3\u05db\u05d5\u05e0\u05d9 \u05d0\u05d1\u05d8\u05d7\u05d4 \u05dc\u05e4\u05d2\u05d9\u05e2\u05d5\u05d9\u05d5\u05ea \u05d1\u05ea\u05d5\u05db\u05e0\u05d5\u05ea \u05e0\u05ea\u05de\u05db\u05d5\u05ea, 17 \u05de\u05e1\u05d5\u05d5\u05d2\u05d5\u05ea \u05db\u05e7\u05e8\u05d9\u05d8\u05d9\u05d5\u05ea. 4 \u05de\u05ea\u05d5\u05da \u05d4\u05e4\u05d2\u05d9\u05e2\u05d5\u05d9\u05d5\u05ea \u05d3\u05d5\u05d5\u05d7\u05d5 \u05dc\u05e4\u05e0\u05d9 \u05d4\u05e4\u05e8\u05e1\u05d5\u05dd, \u05d0\u05d7\u05ea \u05de\u05d4\u05df \u05de\u05e0\u05d5\u05e6\u05dc\u05ea \u05d1\u05e4\u05d5\u05e2\u05dc \u05dc\u05ea\u05e7\u05d9\u05e4\u05d5\u05ea. \u05d4\u05e4\u05d2\u05d9\u05e2\u05d5\u05d9\u05d5\u05ea \u05d4\u05d7\u05de\u05d5\u05e8\u05d5\u05ea \u05d1\u05d9\u05d5\u05ea\u05e8 \u05e2\u05dc\u05d5\u05dc\u05d5\u05ea \u05dc\u05d0\u05e4\u05e9\u05e8 \u05dc\u05ea\u05d5\u05e7\u05e4\u05d9\u05dd \u05d4\u05e4\u05e2\u05dc\u05ea \u05e7\u05d5\u05d3 \u05de\u05e8\u05d7\u05d5\u05e7 (RCE). \n\n\u05d0\u05d7\u05ea \u05d4\u05e4\u05d2\u05d9\u05e2\u05d5\u05d9\u05d5\u05ea \u05e9\u05e4\u05d5\u05e8\u05e1\u05dd \u05e2\u05d1\u05d5\u05e8\u05df \u05e2\u05d3\u05db\u05d5\u05df \u05d4\u05d9\u05d0 \u05d4\u05e4\u05d2\u05d9\u05e2\u05d5\u05ea \u05d1- Task Scheduler (CVE-2018-8440) \u05d4\u05de\u05d0\u05e4\u05e9\u05e8\u05ea \u05dc\u05ea\u05d5\u05e7\u05e3 \u05d1\u05e2\u05dc \u05d2\u05d9\u05e9\u05d4 \u05de\u05e7\u05d5\u05de\u05d9\u05ea \u05d4\u05e2\u05dc\u05d0\u05ea \u05d4\u05e8\u05e9\u05d0\u05d5\u05ea \u05dc\u05e8\u05de\u05ea SYSTEM. \n\n\u05d4\u05de\u05e2\u05e8\u05da \u05e4\u05e8\u05e1\u05dd \u05d4\u05ea\u05e8\u05e2\u05d4 \u05dc\u05d2\u05d1\u05d9 \u05e4\u05d2\u05d9\u05e2\u05d5\u05ea \u05d6\u05d5 \u05db\u05d0\u05df. \u05e4\u05d2\u05d9\u05e2\u05d5\u05ea \u05d6\u05d5 \u05de\u05e0\u05d5\u05e6\u05dc\u05ea \u05d1\u05e4\u05d5\u05e2\u05dc \u05dc\u05ea\u05e7\u05d9\u05e4\u05d5\u05ea \u05de\u05de\u05d5\u05e7\u05d3\u05d5\u05ea \u05d1\u05d7\u05d5\"\u05dc.", "creation_timestamp": "2018-09-12T08:51:51.000000Z"}, {"uuid": "9b57b566-bb84-4d5a-a033-f7045efed067", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-8440", "type": "exploited", "source": "https://t.me/information_security_channel/20194", "content": "Microsoft Patches 61 Vulns, One Under Active Attack\nhttps://www.darkreading.com/microsoft-patches-61-vulns-one-under-active-attack/d/d-id/1332790?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\n\nCVE-2018-8440, which was publicly disclosed on Twitter in August, has already been used in a malware campaign.", "creation_timestamp": "2018-09-11T23:24:48.000000Z"}, {"uuid": "7f3102e0-3c2d-4129-a00b-1817ba073dce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-8440", "type": "seen", "source": "https://t.me/arpsyndicate/1309", "content": "#ExploitObserverAlert\n\nCVE-2018-8440\n\nDESCRIPTION: Exploit Observer has 45 entries related to CVE-2018-8440. An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka \"Windows ALPC Elevation of Privilege Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.\n\nFIRST-EPSS: 0.973250000\nNVD-IS: 5.9\nNVD-ES: 1.8", "creation_timestamp": "2023-12-04T21:27:13.000000Z"}, {"uuid": "a702f462-2c05-41ce-a589-ea87bb2bb200", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-8440", "type": "exploited", "source": "https://t.me/information_security_channel/20217", "content": "CVE-2018-8440 \u2013 Task Scheduler ALPC Zero-Day Exploit in the Wild\nhttps://blogs.quickheal.com/cve-2018-8440-task-scheduler-alpc-zero-day-exploit-wild/\n\nThe recent zero-day vulnerability CVE-2018-8440 in Windows Task Scheduler enables attackers to perform a privilege elevation on targeted machines. Microsoft has released a security advisory CVE-2018-8440 on September 11, 2018 to address this issue. According to Microsoft, successful exploitation of this vulnerability could run arbitrary code in the security context\u2026", "creation_timestamp": "2018-09-12T18:43:44.000000Z"}, {"uuid": "734dbb32-0ef9-41be-a7ff-2a07391646ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-8440", "type": "exploited", "source": "https://t.me/cibsecurity/156", "content": "\ud83d\udd74 Microsoft Patches 61 Vulns, One Under Active Attack \ud83d\udd74\n\nCVE-2018-8440, which was publicly disclosed on Twitter in August, has already been used in a malware campaign.\n\n\ud83d\udcd6 Read\n\nvia \"Dark Reading: \".", "creation_timestamp": "2018-09-11T23:30:55.000000Z"}, {"uuid": "620bccd4-1643-4676-ad4d-bceca4f0176b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-8440", "type": "exploited", "source": "https://t.me/cibsecurity/176", "content": "\u2754 CVE-2018-8440 \u2013 Task Scheduler ALPC Zero-Day Exploit in the Wild \u2754\n\nEstimated reading time: 1 minuteThe recent zero-day vulnerability CVE-2018-8440 in Windows Task Scheduler enables attackers to perform a privilege elevation on targeted machines. Microsoft has released a security advisory CVE-2018-8440 on September 11, 2018 to address this issue. According to Microsoft, successful exploitation of this vulnerability could run arbitrary code in the security context of the local system. About the vulnerability CVE-2018-8440 is a local privilege escalation vulnerability in the Windows Task Scheduler\u2019s Advanced Local Procedure Call (ALPC) interface. The ALPC endpoint in Windows task scheduler exports the SchRpcSetSecurity function, which allows us to set an arbitrary DACL without checking permissions. Exploiting the vulnerability ultimately allows a local unprivileged user to change the permissions of any file on the system. The exploit code release was announced on twitter, on 27th August 2018, by a security researcher who goes with the handle \u201cSandboxEscaper\u201d.\u00a0 Within days, PowerPool malware was found using the exploit to infect users. Vulnerable versions Windows 7 Windows 8.1 Windows 10 Windows Server 2008, 2012 and 2016 Quick Heal detection Quick Heal has released the following detection for the vulnerability CVE-2018-8440: Trojan.Win64 Trojan.IGeneric Quick Heal Security Labs is actively looking for new in-the-wild exploits for this vulnerability and ensuring coverage for them. References https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8440 Subject Matter Experts Sameer Patil |\u00a0Quick Heal Security Labs The post CVE-2018-8440 \u2013 Task Scheduler ALPC Zero-Day Exploit in the Wild appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.\n\n\ud83d\udcd6 Read\n\nvia \"Quick Heal Blog | Latest computer security news, tips, and advice\".", "creation_timestamp": "2018-09-12T15:32:14.000000Z"}]}