Nomen Posted September 6, 2018

I'd like to know if win-7 and XP are also vulnerable to this - and how exactly does this thing get into/onto a system in the first place.

https://betanews.com/2018/09/05/windows-task-scheduler-bug-malware/

It's a little over a week since a vulnerability in the Windows Task Scheduler was revealed. A patch for the 0-day has been released by third party security firm 0patch, but there's bad news for anyone who hasn't secured their system against the security threat -- malware writers are already taking advantage of the flaw.

The exploit was partly facilitated by the fact that the source code for a proof-of-concept exploit for the ALPC LPE vulnerability -- as well as a binary -- was published on GitHub. Now a group that has been named PowerPool has been spotted using the code in a malware campaign.

vinifera Posted September 6, 2018 (edited)

better finish it

Quote:

the threat actor used a flaw in the SchRpcSetSecurity API function to gain write access to the file GoogleUpdate.exe. Then, the explanation continues, "they overwrite it with a copy of their second-stage malware in order to gain SYSTEM privileges the next time the updater is called". The second-stage malware is a backdoor.

good I say !

Edited September 6, 2018 by vinifera

Chronius Posted September 6, 2018 (edited)

banana

Edited September 15, 2018 by Chronius