September 2018 Patch Tuesday has been released, fixing a total of 62 security vulnerabilities. The fixes include a recently discovered zero-day bug that has been exploited in the wild. This vulnerability was given the identifier CVE-2018-8440.
More about CVE-2018-8440
The brand new Windows zero-day flaw is also known as ALPC LPE and, as mentioned, has been exploited in the wild.
The attacks happened soon after information about the zero-day was published online. Users from all over the world have been affected. In fact, details about the Windows LPE zero-day vulnerability were initially posted on August 27, 2018 on GitHub and popularized through a Twitter post that was later deleted. Nevertheless, hackers were quick to adopt the information and include it in their attacks.
The vulnerability itself is a bug in the Windows operating system, known to impact versions from Windows 7 to Windows 10, that depends on the Advanced Local Procedure Call (ALPC) function and results in a Local Privilege Escalation (LPE). This effectively allows malicious code to gain administrative privileges and modify the system as programmed. The original tweet linked to a GitHub repository containing Proof-of-Concept code. This effectively allows any individual to download the sample code and use it as they like: in its original form, modified, or embedded in a payload.
The PowerPool hackers, a previously unknown hacking collective, have been found to orchestrate an attack campaign built on the CVE-2018-8440 zero-day. Even though a limited number of users have been affected, the locations of the infected machines show that the campaigns are global. The list of affected countries includes Chile, Germany, India, the Philippines, Poland, Russia, the United Kingdom, the United States and Ukraine. The good news is that the zero-day has been fixed in the September 2018 Patch Tuesday.
It should be mentioned that even though this zero-day was the only one to be actively exploited, it is not the only vulnerability that became public before Microsoft's corresponding patch. That said, details about three other serious security flaws [one rated important, and two rated critical] were available to the public, though no attacker seems to have leveraged them. These vulnerabilities are:
– CVE-2018-8409, described as a System.IO.Pipelines Denial of Service vulnerability;
– CVE-2018-8457, or a Scripting Engine Memory Corruption vulnerability;
– CVE-2018-8475, or a Windows Remote Code Execution vulnerability.
Other patches in this month's Patch Tuesday address vulnerabilities in products such as Microsoft Windows, Microsoft Edge, Internet Explorer, ASP.NET, the .NET Framework, Edge's ChakraCore component, Adobe Flash Player, Microsoft.Data.OData, Microsoft Office, Microsoft Office Services and Web Apps. For full reference, visit Microsoft.