Windows 10 News and info | Forum
Author Topic: Last week’s Windows Zero-Day vulnerability already being exploited in the wild  (Read 50 times)
« on: September 06, 2018, 11:21:18 AM »

We wrote last week of a frustrated security researcher revealing a new zero-day bug for fully-patched Windows 10 PCs which would allow any software running on your PC to gain system-level privileges.

The bug is a local exploit (i.e. the software needs to be running on your PC already) and involves the Windows task scheduler. At the time CERT/CC was unaware of a practical solution to this problem, and Microsoft has so far not released a fix.

Now The Register reports that the sample exploit code has already found its home in an exploit kit by hacker group PowerPool which is being used to move hijacked user accounts to full system administrator-level control of already infiltrated Windows boxes in Chile, Germany, India, the Philippines, Poland, Russia, the UK, America, and Ukraine.

They quote ESET’s Matthieu Faou as saying:

“As one could have predicted, it took only two days before we first identified the use of this exploit in a malicious campaign from a group we have dubbed PowerPool.”

The exploit is being used to install a “reconnaissance” backdoor that takes screenshots to send to its command and control server and which can also execute arbitrary commands.

While Microsoft has not released a patch yet, some mitigation efforts are possible, useful for corporate and education settings with multiple users. Clever IT’s Karsten Nilsen and Google Project Zero researcher James Forshaw suggest using access controls to prevent anyone writing to the C:\Windows\Tasks directory, while Kevin Beaumont has also written up how to put in place rules that will detect attempted exploits.

Microsoft had earlier said they will be releasing a fix as part of Patch Tuesday, which should be some time next week.
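The post mentions two interim defences, restricting writes to C:\Windows\Tasks and detecting attempts to write there, without showing how either is done. The following PowerShell script is an added example written for this page; it is not code from the original post, from Nilsen, Forshaw or Beaumont, and it does not reproduce their specific rules. It assumes an elevated prompt on a Windows 10 machine, that the "File System" audit subcategory has been enabled (the `auditpol` line is included for that), and that the Allow ACEs granting Authenticated Users or Users write rights on the folder are explicit rather than inherited (inherited ACEs would need inheritance disabled first). The function names are the author's own.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt,
# and test on a non-production machine first: removing write access to C:\Windows\Tasks
# can affect legacy .job tasks and some installers that still write there.

$TasksDir = 'C:\Windows\Tasks'   # folder named in the post as the mitigation target

function Backup-TasksAcl {
    # Save the current DACL and SACL as SDDL so the change can be reverted later with
    # Set-Acl (hypothetical helper name; backup path is an assumption).
    param([string]$Path = $TasksDir,
          [string]$BackupFile = "$env:TEMP\Tasks-acl-backup.sddl")
    (Get-Acl -Path $Path -Audit).Sddl | Set-Content -Path $BackupFile
    return $BackupFile
}

function Protect-TasksDirectory {
    # 1. Remove explicit Allow ACEs that give ordinary users any write right on the folder.
    # 2. Add a SACL entry so every write attempt (allowed or denied) is logged to the
    #    Security log as event 4663 (success) or 4656 (failed handle request).
    param([string]$Path = $TasksDir)

    $acl       = Get-Acl -Path $Path -Audit
    $writeMask = [System.Security.AccessControl.FileSystemRights]'CreateFiles, AppendData, WriteAttributes, WriteExtendedAttributes'
    $ordinary  = @('NT AUTHORITY\Authenticated Users', 'BUILTIN\Users')

    foreach ($ace in @($acl.Access)) {
        if (-not $ace.IsInherited -and
            $ace.AccessControlType -eq 'Allow' -and
            $ordinary -contains $ace.IdentityReference.Value -and
            (($ace.FileSystemRights -band $writeMask) -ne 0)) {
            $null = $acl.RemoveAccessRule($ace)   # drop the write grant for that principal
        }
    }

    # Audit writes by anyone, inherited to files and subfolders, on success and failure.
    $auditRule = New-Object System.Security.AccessControl.FileSystemAuditRule(
        'Everyone', $writeMask, 'ContainerInherit, ObjectInherit', 'None', 'Success, Failure')
    $acl.AddAuditRule($auditRule)

    Set-Acl -Path $Path -AclObject $acl

    # The SACL only produces events if the File System audit subcategory is on.
    auditpol /set /subcategory:"File System" /success:enable /failure:enable | Out-Null
}

function Get-TasksWriteAttempts {
    # Detection side: pull recent Security-log events for the Tasks folder and show who
    # tried to write, from which process. 4663 = access performed, 4656 = handle request
    # (failure audits appear here once the DACL denies the write).
    param([string]$Path = $TasksDir, [int]$Hours = 24)

    $filter = @{ LogName = 'Security'; Id = 4656, 4663; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            $xml  = [xml]$_.ToXml()
            $data = @{}
            foreach ($node in $xml.Event.EventData.Data) { $data[$node.Name] = $node.'#text' }
            if ($data['ObjectName'] -like "$Path*") {
                [pscustomobject]@{
                    Time       = $_.TimeCreated
                    EventId    = $_.Id
                    Outcome    = if ($_.KeywordsDisplayNames -contains 'Audit Failure') { 'Denied' } else { 'Allowed' }
                    User       = "$($data['SubjectDomainName'])\$($data['SubjectUserName'])"
                    Process    = $data['ProcessName']
                    Object     = $data['ObjectName']
                    AccessMask = $data['AccessMask']
                }
            }
        }
}

# Usage: back up, harden, then review attempts after some time has passed.
$backup = Backup-TasksAcl
Write-Host "ACL backup written to $backup"
Protect-TasksDirectory
Get-TasksWriteAttempts -Hours 24 | Format-Table -AutoSize
```

Writes from SYSTEM-level services and the Task Scheduler itself will also show up in the audit output, so the useful signal is a write to the folder from an interactive user's process, which is exactly what the local privilege escalation described in the post would need to perform; a failed (Denied) entry indicates the ACL change stopped the attempt. To revert, read the saved SDDL back with `Set-Acl` and a `FileSecurity` object built from it.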
