Friday, October 14, 2022

How a Microsoft blunder opened millions of PCs to potent malware attacks


For almost two years, Microsoft officials botched a key Windows defense, an unexplained lapse that left customers open to a malware infection technique that has been especially effective in recent months.

Microsoft officials have steadfastly asserted that Windows Update will automatically add new software drivers to a blocklist designed to thwart a well-known trick in the malware infection playbook. The malware technique—known as BYOVD, short for "bring your own vulnerable driver"—makes it easy for an attacker with administrative control to bypass Windows kernel protections. Rather than writing an exploit from scratch, the attacker simply installs any one of dozens of third-party drivers with known vulnerabilities. Then the attacker exploits those vulnerabilities to gain instant access to some of the most fortified regions of Windows.

It turns out, however, that Windows was not properly downloading and applying updates to the driver blocklist, leaving users vulnerable to new BYOVD attacks.


Reference : https://ift.tt/EJBDWhd
