{"id":86822,"date":"2018-09-12T19:00:14","date_gmt":"2018-09-12T13:30:14","guid":{"rendered":"https:\/\/blogs_admin.quickheal.com\/?p=86822"},"modified":"2018-09-12T19:00:14","modified_gmt":"2018-09-12T13:30:14","slug":"cve-2018-8440-task-scheduler-alpc-zero-day-exploit-wild","status":"publish","type":"post","link":"https:\/\/www.quickheal.com\/blogs\/cve-2018-8440-task-scheduler-alpc-zero-day-exploit-wild\/","title":{"rendered":"CVE-2018-8440 &#8211; Task Scheduler ALPC Zero-Day Exploit in the Wild"},"content":{"rendered":"<p>The recent zero-day vulnerability CVE-2018-8440 in Windows Task Scheduler enables attackers to elevate privileges on targeted machines. Microsoft released security advisory CVE-2018-8440 on September 11, 2018 to address this issue. According to Microsoft, successful exploitation of this vulnerability could allow an attacker to run arbitrary code in the security context of the local system.<\/p>\n<p><strong>About the vulnerability<\/strong><br \/>\nCVE-2018-8440 is a local privilege escalation vulnerability in the Windows Task Scheduler&#8217;s Advanced Local Procedure Call (ALPC) interface. The ALPC endpoint in Windows Task Scheduler exports the SchRpcSetSecurity function, which allows a caller to set an arbitrary DACL without a permission check. 
Exploiting the vulnerability ultimately allows a local unprivileged user to change the permissions of any file on the system.<\/p>\n<p>The release of the exploit code was announced on Twitter on 27th August 2018 by a security researcher who goes by the handle &#8220;SandboxEscaper&#8221;. Within days, PowerPool malware was found using the exploit to infect users.<\/p>\n<p><strong>Vulnerable versions<\/strong><\/p>\n<ul>\n<li>Windows 7<\/li>\n<li>Windows 8.1<\/li>\n<li>Windows 10<\/li>\n<li>Windows Server 2008, 2012 and 2016<\/li>\n<\/ul>\n<p><strong>Quick Heal detection<\/strong><br \/>\nQuick Heal has released the following detections for the vulnerability CVE-2018-8440:<\/p>\n<ul>\n<li>Trojan.Win64<\/li>\n<li>Trojan.IGeneric<\/li>\n<\/ul>\n<p>Quick Heal Security Labs is actively looking for new in-the-wild exploits for this vulnerability and ensuring coverage for them.<\/p>\n<p><strong>References<\/strong><\/p>\n<ul>\n<li>https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2018-8440<\/li>\n<\/ul>\n<p><strong>Subject Matter Experts<\/strong><\/p>\n<p>Sameer Patil |\u00a0Quick Heal Security Labs<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The recent zero-day vulnerability CVE-2018-8440 in Windows Task Scheduler enables attackers to elevate privileges on targeted machines. Microsoft released security advisory CVE-2018-8440 on September 11, 2018 to address this issue. According to Microsoft, successful exploitation of this vulnerability could allow an attacker to run arbitrary code in the security context of the local system. 
About [&hellip;]<\/p>\n","protected":false},"author":46,"featured_media":85593,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[75,5],"tags":[1621,1173,1249],"class_list":["post-86822","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-microsoft-windows","category-security","tag-cve-2018-8440","tag-exploit","tag-windows"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/86822"}],"collection":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/users\/46"}],"replies":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/comments?post=86822"}],"version-history":[{"count":2,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/86822\/revisions"}],"predecessor-version":[{"id":86825,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/86822\/revisions\/86825"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/media\/85593"}],"wp:attachment":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/media?parent=86822"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/categories?post=86822"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/tags?post=86822"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}