ALPC Local PrivEsc

Description

(ESET) On August 27, 2018, a so-called zero-day vulnerability affecting Microsoft Windows was published on GitHub and publicized via a rather acerbic tweet.

It seems obvious that this was not part of a coordinated vulnerability disclosure and there was no patch at the time this tweet (since deleted) was published to fix the vulnerability.

It affects Microsoft Windows OSes from Windows 7 to Windows 10, and in particular the Advanced Local Procedure Call (ALPC) function, and allows a Local Privilege Escalation (LPE). LPE allows an executable or process to escalate privileges. In that specific case, it allows an executable launched by a restricted user to gain administrative rights.

Names

Name
ALPC Local PrivEsc

Type

0-day

Information

https://www.welivesecurity.com/2018/09/05/powerpool-malware-exploits-zero-day-vulnerability/

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/win.alpc_lpe
https://malpedia.caad.fkie.fraunhofer.de/details/win.powerpool

Other Information

Uuid

28800477-058d-4f60-bdab-719858a266dc

Last Card Change

2020-04-23

Threat Intelligence Garden

Explorer

ALPC Local PrivEsc

ALPC Local PrivEsc

Description

Names

Category

Type

Information

Malpedia

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks