The ALPC vulnerability (CVE-2018-8440), which is present in all supported and unpatched Microsoft Windows versions, is now being exploited by the Metasploit Kit.
Advertising
I had blogged several times about the ALPC vulnerability (CVE-2018-8440) (see links at the end of this article). Microsoft released corresponding fixes on September 11, 2018 (see Microsoft Security Update Summary September 11, 2018). So if you have patched, you are on the safe side. If you haven't installed the updates, you should know that cyber criminals can now exploit this vulnerability via the Metasploit kit, as the following tweet reports.
Upcoming Microsoft Windows ALPC Task Scheduler Local Privilege Elevation (CVE-2018-8440) exploit in #Metasploit !
Yes the 0day (now patched) found and disclosed by @SandboxEscaper
Thx @tychos_moose Aaron Soto @shellfail and @TheColonial for the hard work. https://t.co/M4wLWBt0hW pic.twitter.com/GRvK4StntR— Davy Douhine (@ddouhine) 20. September 2018
Simlar articles:
Microsoft Security Update Summary September 11, 2018
Windows 0-day ALPC vulnerability in task scheduler
Microsoft Patchday: Other Updates September 11, 2018
Advertising