New Task Scheduler vulnerability (Win-7 / XP affected?)


Nomen

I'd like to know if win-7 and XP are also vulnerable to this - and how exactly does this thing get into/onto a system in the first place.

https://betanews.com/2018/09/05/windows-task-scheduler-bug-malware/

It's a little over a week since a vulnerability in the Windows Task Scheduler was revealed. A patch for the 0-day has been released by third party security firm 0patch, but there's bad news for anyone who hasn't secured their system against the security threat -- malware writers are already taking advantage of the flaw.

The exploit was partly facilitated by the fact that the source code for a proof-of-concept exploit for the ALPC LPE vulnerability -- as well as a binary -- was published on GitHub. Now a group that has been named PowerPool has been spotted using the code in a malware campaign.

 

better finish it

Quote

the threat actor used a flaw in the SchRpcSetSecurity API function to gain write access to the file GoogleUpdate.exe. Then, the explanation continues, "they overwrite it with a copy of their second-stage malware in order to gain SYSTEM privileges the next time the updater is called". The second-stage malware is a backdoor.

 

good I say !

Edited by vinifera
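
A defender-side check for the condition the quoted article describes (write access to an executable that is later run as SYSTEM), as an added example that is not part of the original thread: it parses `icacls` output and lists principals outside a trusted set that hold write-capable rights on the file. The directory, the account names, the sample output and the trusted-principal list are constructed assumptions.

```python
import re

# Assumption: English-locale names of the principals expected to hold write access.
TRUSTED = {"NT AUTHORITY\\SYSTEM", "BUILTIN\\Administrators",
           "NT SERVICE\\TrustedInstaller"}
# icacls rights that allow replacing the file's content or changing its ACL/owner.
WRITE_RIGHTS = {"F", "M", "W", "D", "DE", "WD", "AD", "WDAC", "WO", "GW", "GA"}
INHERIT_FLAGS = {"I", "OI", "CI", "IO", "NP"}
ACE_RE = re.compile(r"^(?P<who>.*):(?P<perms>(?:\([^)]*\))+)$")

def risky_aces(path, icacls_output):
    """Return (principal, rights) pairs that let a non-trusted principal write."""
    findings = []
    for line in icacls_output.splitlines():
        line = line.strip()
        if line.startswith(path):          # first line carries the file path
            line = line[len(path):].strip()
        m = ACE_RE.match(line)
        if not m:
            continue                       # blank lines and the summary line
        groups = re.findall(r"\(([^)]*)\)", m.group("perms"))
        if "DENY" in groups:
            continue                       # deny entries grant nothing
        rights = {r.strip() for g in groups if g not in INHERIT_FLAGS
                  for r in g.split(",")}
        hits = sorted(rights & WRITE_RIGHTS)
        if hits and m.group("who") not in TRUSTED:
            findings.append((m.group("who"), hits))
    return findings

# Constructed sample: directory and account names are placeholders.
SAMPLE_PATH = r"C:\Example\Update\GoogleUpdate.exe"
SAMPLE = r"""C:\Example\Update\GoogleUpdate.exe NT AUTHORITY\SYSTEM:(I)(F)
                                   BUILTIN\Administrators:(I)(F)
                                   BUILTIN\Users:(I)(RX)
                                   WORKSTATION\alice:(M)
                                   WORKSTATION\bob:(R,WD)

Successfully processed 1 files; Failed processing 0 files
"""

if __name__ == "__main__":
    for who, rights in risky_aces(SAMPLE_PATH, SAMPLE):
        print(f"{SAMPLE_PATH}: {who} holds {','.join(rights)}")
```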