A new Microsoft Windows zero-day vulnerability known as ALPC LPE has been exploited in the wild. What makes it dangerous is that the attacks began soon after the details were published online. Users from all over the world are affected.
Powerpool Hackers Are Behind the Windows Zero-day Vulnerability
Details about the Windows LPE zero-day vulnerability were initially posted on August 27, 2018 on GitHub and popularized via a Twitter post that was later deleted. Still, the details made their way to hackers, as there are reports of attacks leveraging it.
The vulnerability is a bug in the Windows operating system, affecting versions from Windows 7 to Windows 10, in the Advanced Local Procedure Call (ALPC) function; the result is a Local Privilege Escalation (LPE). This effectively allows malicious code to gain administrative privileges and modify the system as programmed. The original tweet linked to a GitHub repository containing Proof-of-Concept code, which means anyone can download the sample code and use it as they like: in its original form, modified, or embedded in a payload.
The PowerPool hackers, a previously unknown hacking collective, have been found to be orchestrating an attack campaign. So far a relatively small group of victims has been affected; however, the locations of the infected machines show that the campaign is global. Confirmed infections stem from countries such as the following: Chile, Germany, India, the Philippines, Poland, Russia, the United Kingdom, the United States and Ukraine.
The mode of operation lies in the abuse of an API function that doesn't check the user's permissions in the prescribed manner. This has allowed the PowerPool hackers to abuse the Windows operating system by writing permissions to the Tasks folder.
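Because the flaw lets a low-privilege caller set permissions on files in the Tasks folder, one practical check a defender can run is an ACL audit of that folder: list every Allow entry that grants write-class rights (write data, change permissions, take ownership, full control) to a principal other than the ones expected to hold them. The script below is an added example written for this article, not code from the original post or from any of the parties it describes. The folder path, the list of trusted principals and the function name are assumptions chosen for the illustration; run it from an elevated PowerShell session, and tune the trusted list to your environment.

```powershell
# Added example (not from the article): audit the Windows Tasks folder for
# ACL entries that grant write-class rights to low-privilege principals.
# Assumptions: elevated session; the path and trusted-principal list below
# are assumptions for this illustration, not values from the article.

$TasksFolder = Join-Path $env:SystemRoot 'Tasks'

# Principals expected to hold write access on task files (assumed baseline).
# Any other principal with write-class rights is worth investigating.
$TrustedPrincipals = @(
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators',
    'NT SERVICE\TrustedInstaller',
    'CREATOR OWNER'
)

# Rights that let a principal alter file contents or the DACL itself.
$WriteRights = [System.Security.AccessControl.FileSystemRights]::Write -bor
               [System.Security.AccessControl.FileSystemRights]::WriteData -bor
               [System.Security.AccessControl.FileSystemRights]::AppendData -bor
               [System.Security.AccessControl.FileSystemRights]::ChangePermissions -bor
               [System.Security.AccessControl.FileSystemRights]::TakeOwnership -bor
               [System.Security.AccessControl.FileSystemRights]::FullControl

function Get-SuspiciousTaskAcl {
    # Hypothetical helper name; returns one object per suspicious ACE.
    param([string]$Path = $TasksFolder)

    Get-ChildItem -Path $Path -Force -ErrorAction SilentlyContinue | ForEach-Object {
        $item = $_
        $acl  = Get-Acl -Path $item.FullName
        foreach ($ace in $acl.Access) {
            # Only Allow entries can grant access; Deny entries are skipped.
            if ($ace.AccessControlType -ne 'Allow') { continue }
            # Skip principals that legitimately manage task files.
            if ($TrustedPrincipals -contains $ace.IdentityReference.Value) { continue }
            # Flag the entry if any write-class bit is set.
            if (($ace.FileSystemRights -band $WriteRights) -ne 0) {
                [pscustomobject]@{
                    File      = $item.FullName
                    Principal = $ace.IdentityReference.Value
                    Rights    = $ace.FileSystemRights
                    Owner     = $acl.Owner
                    LastWrite = $item.LastWriteTime
                }
            }
        }
    }
}

# Usage: print every finding as a table; an empty result means no unexpected
# write-class grants were found in the audited folder.
Get-SuspiciousTaskAcl | Format-Table -AutoSize
```

The audit is a point-in-time snapshot, so it is most useful when run on a schedule and diffed against a known-good baseline; a file whose owner is an ordinary user, or whose permissions changed shortly before a privilege escalation was observed, deserves a closer look. Some ACEs carry generic rights that do not map cleanly onto `FileSystemRights` names and show up as raw numbers; the bitwise test still applies to them.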
This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum | SensorsTechForum.com authored by Martin Beltov. Read the original post at: https://sensorstechforum.com/powerpool-hackers-exploit-newly-identified-windows-zero-day-vulnerability/