CVE-2018-8440 Zero-Day Fixed in September 2018 Patch Tuesday
NEWS

CVE-2018-8440 Zero-Day Fixed in September 2018 Patch Tuesday

September Patch Tuesday 2018 has been released, fixing a total of 62 security vulnerabilities. The fixes include a recently discovered zero-day bug which was exploited in the wild. This vulnerability has been given the CVE-2018-8440 identifier.




More about CVE-2018-8440

The brand new Windows zero-day flaw is also known as ALPC LPE and, as mentioned, it has been exploited in the wild.

The attacks happened soon after information about the zero-day was published online. Users from all over the world have been affected. In fact, details about the Windows LPE zero-day vulnerability were initially posted on August 27, 2018 on GitHub and popularized via a Twitter post which was later deleted. Nonetheless, hackers were quick to adopt the information and include it in their attacks.

The vulnerability itself is a bug in the Windows operating system and is known to impact versions from Windows 7 to Windows 10 depending on the Advanced Local Procedure Call (ALPC) function, the result of which is a Local Privilege Escalation (LPE). This effectively allows malicious code to gain administrative privileges and modify the system as programmed. The original tweet linked to a GitHub repository containing Proof-of-Concept code. This effectively allows any individual to download the sample code and use it as they like — in its original form, modified or embedded in a payload.

The PowerPool hackers, a previously unknown hacking collective, has been found to orchestrate an attack campaign built on the CVE-2018-8440 zero-day. Even though a limited number of users have been affected, the locations of the infected machines showcase that the campaigns are global. The list of infected countries includes Chile, Germany, India, the Philippines, Poland, Russia, the United Kingdom, the United States and Ukraine. The good news is that the zero-day has been fixed in September 2018 Patch Tuesday.

It should be mentioned that even though this zero-day was the only one to be actively exploited, it is not the only vulnerability which became public before Microsoft’s corresponding patch. That being said, details about three other serious security flaws [one rated important, and two rated critical] were available to the public, though no attacker seems to have leveraged them. These vulnerabilities are:

– CVE-2018-8409, described as a System.IO.Pipelines Denial of Service vulnerability;
– CVE-2018-8457, or a Scripting Engine Memory Corruption vulnerability;
– CVE-2018-8475, or a Windows Remote Code Execution vulnerability.

Other patches in this month’s Patch Tuesday address vulnerabilities in products such as Microsoft Windows, Microsoft Edge, Internet Explorer, ASP.NET, the .NET Framework, Edge’s ChakraCore component, Adobe Flash Player, Microsoft.Data.OData, Microsoft Office, Microsoft Office Services and Web Apps. For full reference, visit Microsoft.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...