A security researcher claims that several popular antivirus and endpoint detection and response (EDR) products, including those from Microsoft, TrendMicro, SentinelOne, Avast and AVG, can be turned against the systems they protect and used to delete data.
In a proof-of-concept write-up, Or Yair of the cybersecurity firm SafeBreach explained how the exploit, which he calls "Aikido", works by abusing a time-of-check to time-of-use (TOCTOU) race condition.
Aikido is a Japanese martial art in which the practitioner uses an opponent's own strength and movement against them.
How does it work?
According to Yair, the vulnerability could be used to build a class of cyberattacks known simply as "wipers", which are often used in offensive warfare.
A wiper, in cybersecurity, is a type of malware that attempts to erase the hard disk of the computer it infects. It maliciously deletes data and programs.
According to the proof of concept, the exploit hijacks the "superpower" of endpoint detection software: its ability to delete any file on the system, regardless of the privileges of the user who created it.
The process described begins by creating a malicious file at "C:\temp\Windows\System32\drivers\ndis.sys", which the security product detects.
Next, the attacker keeps a handle to that file open, which forces the AV/EDR to postpone the deletion until after the next reboot.
The attacker then deletes the "C:\temp" directory, creates a junction so that "C:\temp" points to "C:\", and reboots the machine. When the deferred deletion finally runs, the recorded path now resolves through the junction to the legitimate "C:\Windows\System32\drivers\ndis.sys", and the security product deletes that file instead of the decoy it originally detected.
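The following is an added example, not the researcher's proof of concept or any vendor's code, that models the race described above in Python so it can be run anywhere: a symlink stands in for the NTFS junction, a temporary directory stands in for "C:\", and a function call stands in for the reboot that triggers the deferred deletion. The names stage, ToyEdr and simulate, and the decoy marker bytes, are constructed for the illustration. The "hardened" variant shows the check a deferred-deletion routine needs: remember what the path resolved to at detection time and refuse to delete anything else.

```python
"""Toy model of the junction TOCTOU race (added example, constructed setup).

A symlink stands in for an NTFS junction, a temp directory for C:\\, and
ToyEdr.run_deferred_deletes() for the post-reboot deletion.
"""
import os
import shutil
import tempfile
from pathlib import Path

DECOY = b"decoy bytes the toy scanner treats as malicious"  # constructed marker


def stage(root: Path) -> tuple[Path, Path, Path]:
    """Create <root>/Windows/System32/drivers/ndis.sys (the real target) and
    <root>/temp/Windows/System32/drivers/ndis.sys (the decoy), mirroring the
    layout in the write-up. Returns (staging_dir, decoy, target)."""
    target = root / "Windows" / "System32" / "drivers" / "ndis.sys"
    target.parent.mkdir(parents=True)
    target.write_bytes(b"legitimate driver image")
    staging = root / "temp"
    decoy = staging / "Windows" / "System32" / "drivers" / "ndis.sys"
    decoy.parent.mkdir(parents=True)
    decoy.write_bytes(DECOY)
    return staging, decoy, target


class ToyEdr:
    """Detects at time of check, deletes at time of use (after the 'reboot').

    hardened=False remembers only the path string, which is the behaviour the
    attack relies on. hardened=True also remembers what the path resolved to
    (canonical path plus device/inode) and refuses to delete anything else."""

    def __init__(self, hardened: bool):
        self.hardened = hardened
        self.pending: list[tuple[str, str, tuple[int, int]]] = []

    def scan(self, path: Path) -> bool:
        """Time of check: flag the file and queue it for deferred deletion."""
        if path.read_bytes() != DECOY:
            return False
        st = os.stat(path)
        self.pending.append((str(path), os.path.realpath(path), (st.st_dev, st.st_ino)))
        return True

    def run_deferred_deletes(self) -> list[str]:
        """Time of use: delete queued paths. Returns the paths actually deleted."""
        deleted = []
        for raw, resolved_then, ident_then in self.pending:
            if not os.path.lexists(raw):
                continue
            if self.hardened:
                try:
                    st = os.stat(raw)
                except FileNotFoundError:
                    continue
                # The path now resolves somewhere else: a junction/symlink was
                # inserted between check and use, so refuse to act on it.
                if os.path.realpath(raw) != resolved_then or (st.st_dev, st.st_ino) != ident_then:
                    continue
            os.remove(raw)  # follows any symlinked directory in the path
            deleted.append(raw)
        self.pending.clear()
        return deleted


def simulate(hardened: bool) -> bool:
    """Run the steps from the write-up. Returns True if the real file survived."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        staging, decoy, target = stage(root)   # 1. decoy created under <root>/temp/...
        edr = ToyEdr(hardened)
        if not edr.scan(decoy):                # 2. detected; deletion deferred
            raise RuntimeError("toy scanner did not flag the decoy")
        # (in the real attack, an open handle is what forces the deferral)
        shutil.rmtree(staging)                 # 3. delete <root>/temp
        os.symlink(root, staging, target_is_directory=True)  # 4. "junction" temp -> root
        edr.run_deferred_deletes()             # 5. "reboot": deferred delete fires
        return target.exists()


if __name__ == "__main__":
    print("vulnerable EDR, real file survived:", simulate(hardened=False))  # False
    print("hardened EDR, real file survived:", simulate(hardened=True))     # True
```

The simulation uses a symlink because that is what Python can create portably; on Windows, creating a symlink needs Developer Mode or SeCreateSymbolicLinkPrivilege, whereas a junction can be created by an unprivileged user, which is part of why junctions matter in the original attack. The hardened path check is the general fix for this class of TOCTOU: bind the deferred action to the identity of the object that was inspected, not to a path string that the attacker can re-point in the meantime.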
According to Yair, only a few of the most well-known antivirus brands were affected.
According to the slideshow prepared and shared by the researcher, Microsoft Defender is among those most affected by the vulnerability.
Other products, such as Palo Alto XDR, CrowdStrike and McAfee, were not affected.
[Denial of responsibility! reporterbyte.com is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – reporterbyte.com The content will be deleted within 24 hours.]