HIGHCVSS7.8

Actively Exploited

KB4457128: Windows Server Security Update (September 2018)

An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).

Published Sep 13, 2018 · Updated May 16, 2026

Why patchRisk explained in plain English

Worst-case scenarioIf unpatched

A local attacker, with a low-privilege account, can achieve full data confidentiality loss, arbitrary modification of data, complete denial of service or system unavailability. CISA has confirmed use of this vulnerability in known ransomware campaigns — treat as high priority for remediation. Federal agencies are required to remediate by 2022-04-18 under CISA BOD 22-01.

How the attack worksNo clicks needed

This vulnerability affects Microsoft Windows. An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. Exploitation requires local access, low attack complexity, a low-privilege authenticated account, and no user interaction required.

Am I affected?Quick check

Probably yes if any of these apply:

●Windows Administrators

●Systems Engineers

●IT Security

●Running windows 10 1607: -; windows 10 1703: -; windows 10 1709: -; windows 10 1803: -; windows 7: -; windows 8.1: -; windows rt 8.1: -; windows server 2008: -, r2; windows server 2012: -, r2; windows server 2016: -

Fixed inKB4457128, KB4457129, KB4457131, KB4457132, KB4457135, KB4457138, KB4457140, KB4457142, KB4457143, KB4457144, KB4457145, KB4457984, KB4458010 (applies to 31 product versions)

Real-world incidentsWhat we've seen

Used in known ransomware campaigns. Threat-research write-up: https://blog.0patch.com/2018/08/how-we-micropatched-publicly-dropped.html

How to patch

Manual download

For air-gapped servers or out-of-band deployment. Microsoft Update Catalog returns every OS-version variant of this update.

↗ Microsoft Update CatalogKB4457128

Manual remediation steps

Apply the Microsoft Security Update

Microsoft has released an official security update that fixes this vulnerability.

Required KB Updates

KB4457128 — https://support.microsoft.com/help/4457128

KB4457129 — https://support.microsoft.com/help/4457129

KB4457131 — https://support.microsoft.com/help/4457131

KB4457132 — https://support.microsoft.com/help/4457132

KB4457135 — https://support.microsoft.com/help/4457135

KB4457138 — https://support.microsoft.com/help/4457138

KB4457140 — https://support.microsoft.com/help/4457140

KB4457142 — https://support.microsoft.com/help/4457142

KB4457143 — https://support.microsoft.com/help/4457143

KB4457144 — https://support.microsoft.com/help/4457144

KB4457145 — https://support.microsoft.com/help/4457145

KB4457984 — https://support.microsoft.com/help/4457984

KB4458010 — https://support.microsoft.com/help/4458010

Supersedes: KB4343885, KB4343887, KB4343892, KB4343897, KB4343898, KB4343900, KB4343901, KB4343909

Affected Products

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1703 for 32-bit Systems

Windows 10 Version 1703 for x64-based Systems

Windows 10 Version 1709 for 32-bit Systems

Windows 10 Version 1709 for x64-based Systems

Windows 10 Version 1803 for 32-bit Systems

Windows 10 Version 1803 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

(…11 more product versions)

Installation Methods

Windows Update (recommended)

Settings → Windows Update → Check for updates

The security update is offered if your system is in scope

Restart when prompted — a reboot IS required to complete the install

Microsoft Update Catalog (manual download)

Open https://catalog.update.microsoft.com

Search for KB4457128

Download the package matching your OS architecture and Windows build

Run the .msu installer with administrator privileges

Restart when prompted

WSUS / SCCM / Intune

Approve KB4457128 for the affected products in your update management console.

Microsoft Download Center Links

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4457128

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4457129

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4457131

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4457132

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4457135

(…8 more)

Verification

Confirm the update is installed:

Get-HotFix | Where-Object { $_.HotFixID -in @('KB4457128','KB4457129','KB4457131','KB4457132','KB4457135','KB4457138','KB4457140','KB4457142','KB4457143','KB4457144','KB4457145','KB4457984','KB4458010') }

References

Microsoft Security Response Center: https://blog.0patch.com/2018/08/how-we-micropatched-publicly-dropped.html

NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2018-8440

CISA KEV: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-8440

PowerShell automationComing soon

No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.

References

↗ CVE-2018-8440 ↗ MSRC Advisory ↗ NVD ↗ KBKB4457128