Thread starter: petr0vic

[Discussion] DoubleAgent: Taking Full Control Over Your Antivirus

Posted on 2017-3-24 06:45:04
Hello,

On November 26th, we were first contacted by Cybellum and made aware of an undocumented feature in Windows that can potentially allow an attacker to inject third-party code into any process running on the computer, including those processes that are the building bricks of the operating system itself.

Cybellum applied this feature to anti-malware solutions, including ours, and supplied a working proof of concept to Bitdefender in early December through the Bitdefender Bug Bounty program.

This undocumented feature, Microsoft Application Verifier, ships with all versions of Windows and is used for debugging (troubleshooting application code). The functionality it leverages is not a vulnerability in any exploited product, but rather a feature by design to assist developers in the application creation process.

While a fix is scheduled for later this year for Bitdefender solutions to prevent this, the fact that, in order for the exploit to be successful, it needs to be executed with administrator rights considerably narrows the attack surface. It's actually easier to uninstall the security solution if you have administrator rights, for example.

In order to further minimize the potential impact of the Microsoft Application Verifier exploit, Bitdefender recommends that computer administrators and owners enforce the best security practices advocated by the industry: never open unsolicited or unexpected attachments and – most importantly – never run applications as a privileged user.