#Cybersecurity#vulnerability#malware#security#software
  • Home
  • Researchers Uncover Windows Flaws Granting Hackers Rootkit-Like Powers

Researchers Uncover Windows Flaws Granting Hackers Rootkit-Like Powers

Author : ArmCoding
23-04-2024
Share
Researchers Uncover Windows Flaws Granting Hackers Rootkit-Like Powers

New research has found that the DOS-to-NT path conversion process could be exploited by threat actors to achieve rootkit-like capabilities to conceal and impersonate files, directories, and processes.

“When a user executes a function that has a path argument in Windows, the DOS path at which the file or folder exists is converted to an NT path,” SafeBreach security researcher Or Yair said in an analysis, which was presented at the Black Hat Asia conference last week.

They include the ability to “hide files and processes, hide files in archives, affect prefetch file analysis, make Task Manager and Process Explorer users think a malware file was a verified executable published by Microsoft, disable Process Explorer with a denial of service (DoS) vulnerability, and more.”

Rootkit-Like Powers

The underlying issue within the DOS-to-NT path conversion process has also led to the discovery of four security shortcomings, three of which have since been addressed by Microsoft –

  • An elevation of privilege (EoP) deletion vulnerability that could be used to delete files without the required privileges (to be fixed in a future release)
  • An elevation of privilege (EoP) write vulnerability that could be used to write into files without the required privileges by tampering with the restoration process of a previous version from a volume shadow copy (CVE-2023-32054, CVSS score: 7.3)
  • A remote code execution (RCE) vulnerability that could be used to create a specially crafted archive, which can lead to code execution when extracting the files on any location of the attacker’s choice (CVE-2023-36396, CVSS score: 7.8)
  • A denial-of-service (DoS) vulnerability impacting the Process Explorer when launching a process with an executable whose name is 255 characters long and is without a file extension (CVE-2023-42757)

“We believe the implications are relevant not only to Microsoft Windows, which is the world’s most widely used desktop OS, but also to all software vendors, most of whom also allow known issues to persist from version to version of their software.”

 

Source: https://thehackernews.com/

#Crime#Cybersecurity#Hacker#malware#Network#security#software#vulnerability
CISA Alerts Federal Agencies to Patch Actively Exploited Linux Kernel Flaw
CISA Alerts Federal Agencies to Patch Actively Exploited Linux Kernel Flaw
  • 31-05-2024
Researchers Uncover Active Exploitation of WordPress Plugin Vulnerabilities
Researchers Uncover Active Exploitation of WordPress Plugin Vulnerabilities
  • 31-05-2024
BreachForums Returns Just Weeks After FBI Seizure – Honeypot or Blunder?
BreachForums Returns Just Weeks After FBI Seizure – Honeypot or Blunder?
  • 30-05-2024
Okta Warns of Credential Stuffing Attacks Targeting Customer Identity Cloud
Okta Warns of Credential Stuffing Attacks Targeting Customer Identity Cloud
  • 30-05-2024
WordPress Plugin Exploited to Steal Credit Card Data from E-commerce Sites
WordPress Plugin Exploited to Steal Credit Card Data from E-commerce Sites
  • 29-05-2024
TP-Link Gaming Router Vulnerability Exposes Users to Remote Code Attacks
TP-Link Gaming Router Vulnerability Exposes Users to Remote Code Attacks
  • 29-05-2024
4th Zero-Day Exploit Discovered in May 2024
4th Zero-Day Exploit Discovered in May 2024
  • 27-05-2024
Beware: These Fake Antivirus Sites Spreading Android and Windows Malware
Beware: These Fake Antivirus Sites Spreading Android and Windows Malware
  • 27-05-2024
CISA Warns of Actively Exploited Apache Flink Security Vulnerability
CISA Warns of Actively Exploited Apache Flink Security Vulnerability
  • 24-05-2024