Blog
Sameer Patil

CVE-2018-8440 – Task Scheduler ALPC Zero-Day Exploit in the Wild

September 12, 2018
  • 10
    Shares
0
Estimated reading time: 1 minute

The recent zero-day vulnerability CVE-2018-8440 in Windows Task Scheduler enables attackers to perform a privilege elevation on targeted machines. Microsoft has released a security advisory CVE-2018-8440 on September 11, 2018 to address this issue. According to Microsoft, successful exploitation of this vulnerability could run arbitrary code in the security context of the local system.

About the vulnerability
CVE-2018-8440 is a local privilege escalation vulnerability in the Windows Task Scheduler’s Advanced Local Procedure Call (ALPC) interface. The ALPC endpoint in Windows task scheduler exports the SchRpcSetSecurity function, which allows us to set an arbitrary DACL without checking permissions. Exploiting the vulnerability ultimately allows a local unprivileged user to change the permissions of any file on the system.

The exploit code release was announced on twitter, on 27th August 2018, by a security researcher who goes with the handle “SandboxEscaper”.  Within days, PowerPool malware was found using the exploit to infect users.

Vulnerable versions

  • Windows 7
  • Windows 8.1
  • Windows 10
  • Windows Server 2008, 2012 and 2016

Quick Heal detection
Quick Heal has released the following detection for the vulnerability CVE-2018-8440:

  • Trojan.Win64
  • Trojan.IGeneric

Quick Heal Security Labs is actively looking for new in-the-wild exploits for this vulnerability and ensuring coverage for them.

References

  • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8440

Subject Matter Experts

Sameer Patil | Quick Heal Security Labs

  • 10
    Shares

Have something to add to this story? Share it in the comments.

Sameer Patil
About Sameer Patil
Sameer Patil is part of the IPS team in Quick Heal. He has 4 years of experience working in different security products and architectures. His interest lies in...
Articles by Sameer Patil »

No Comments, Be The First!

Your email address will not be published.

CAPTCHA Image