New
#1
What I don't understand is how it can bypass security software according to the zdnet article?
New code injection exposes all versions of Windows to cyberattack.
-
-
New #2
As far as I can tell this seems to be saying that:
- The hacker injects malicious code into this table
- The user asks a program to perform some action (which will access the corrupted code in the table)
- The program asks Windows to execute the action
- The user's AV program determines that Windows has requested this (malicious) action and therefore ignores it
New code injection exposes all versions of Windows to cyberattack.
Posted: 29 Oct 2016
New code injection exposes all versions of Windows to cyberattack.
Researchers have disclosed a fresh attack against Microsoft's Windows operating system which can be used to inject malicious code and compromise user PCs.
On October 27, cybersecurity company enSilo's research team disclosed a practice called "AtomBombing" that can be launched against every version of Windows to bypass current security solutions which protect such systems from malware infections.
The technique is dubbed AtomBombing as it relies on underlying Windows atom tables to exploit a system. Atom tables are used to store strings and identifiers by Windows which support other application functions.
More info
Quote
Related Discussions