New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections

02.01.2024

 

Security researchers have outlined a novel iteration of a dynamic link library (DLL) search order hijacking technique, posing a potential threat to systems running Microsoft Windows 10 and Windows 11. This method, disclosed in an exclusive report shared with The Hacker News by cybersecurity firm Security Joes, capitalizes on executables commonly located in the trusted WinSxS folder. By exploiting the classic DLL search order hijacking technique, adversaries can bypass security mechanisms, enabling the execution of malicious code.

The strategy involves leveraging trusted executables within the WinSxS folder, eliminating the necessity for elevated privileges to run malicious code on a compromised system. Additionally, this approach introduces the possibility of incorporating vulnerable binaries into the attack chain, a pattern observed in previous incidents.

DLL search order hijacking revolves around manipulating the order in which DLLs are loaded, facilitating the execution of malicious payloads for purposes such as defense evasion, persistence, and privilege escalation. In this context, attackers target applications that do not specify the full path to the required libraries. Instead, they rely on a predetermined search order to locate the necessary DLLs on the disk.

Exploiting this behavior, threat actors relocate legitimate system binaries into unconventional directories. These directories include malicious DLLs bearing names similar to legitimate ones. Consequently, during the DLL loading process, the library containing the attack code is selected in lieu of the authentic one.

Other news

Google’s New Tracking Protection in Chrome Blocks Third-Party Cookies

On Thursday, Google unveiled plans to initiate trials of a new feature named “Tracking Protection” beginning January 4, 2024, involving 1% of Chrome users. This move is part of Google’s broader initiative to phase out third-party cookies within the web browser

Read More

HP is releasing the world’s first business computers that protect product software against quantum computer hacks

The potential threat of quantum computers capable of overcoming asymmetric cryptography jeopardizes the integrity of the digital world, and the likelihood of this threat materializing is increasing day by day.

Read More
en_USEnglish