September Patch Tuesday 2018 has been released, fixing a total of 62 security vulnerabilities. The fixes include a recently discovered zero-day bug which was exploited in the wild. This vulnerability has been given the CVE-2018-8440 identifier.
More about CVE-2018-8440
The brand new Windows zero-day flaw is also known as ALPC LPE and, as mentioned, it has been exploited in the wild.
The attacks happened soon after information about the zero-day was published online. Users from all over the world have been affected. In fact, details about the Windows LPE zero-day vulnerability were initially posted on August 27, 2018 on GitHub and popularized via a Twitter post which was later deleted. Nonetheless, hackers were quick to adopt the information and include it in their attacks.
The vulnerability itself is a bug in the Windows operating system and is known to impact versions from Windows 7 to Windows 10 depending on the Advanced Local Procedure Call (ALPC) function, the result of which is a Local Privilege Escalation (LPE). This effectively allows malicious code to gain administrative privileges and modify the system as programmed. The original tweet linked to a GitHub repository containing Proof-of-Concept code. This effectively allows any individual to download the sample code and use it as they like — in its original form, modified or embedded in a payload.
The PowerPool hackers, a previously unknown hacking collective, has been found to orchestrate an attack campaign built on the CVE-2018-8440 zero-day. Even though a limited number of users have been affected, the locations of the infected machines showcase that the campaigns are global. The list of infected countries includes Chile, Germany, India, the Philippines, Poland, Russia, the United Kingdom, the United States and Ukraine. The good news is that the zero-day has been fixed in September 2018 Patch Tuesday.
*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum | SensorsTechForum.com authored by Milena Dimitrova. Read the original post at: https://sensorstechforum.com/cve-2018-8440-zero-day-fixed-september-2018-patch-tuesday/