Threat Intelligence: URGENT Windows loophole gives Malware Kernel Level Access - D1defend


Threat Intelligence: URGENT Windows loophole gives Malware Kernel Level Access

Posted: July 14, 2023

Hackers are using open-source software that’s popular with video game cheaters to allow their Windows-based malware to bypass restrictions Microsoft put in place to prevent such infections from occurring.

The exploits have been released publicly as free, readily available tools, which serious attackers are now repurposing to give their malware kernel access.

Kernel access is the equivalent of God mode when it comes to privilege escalation; it would allow an attacker to do just about anything. This new method bypasses all of the driver-signing restrictions that Microsoft introduced back in the days of Windows Vista.

In fact, this exploit exists because Microsoft wanted to ensure that older software could still run even after those restrictions were introduced. That compatibility exception is the hole attackers are exploiting: they load malicious drivers carrying a signing date earlier than 2015, and combine them with stolen or expired certificates and the tools from the video-game-cheating community. The result is far more destructive malware.

Attackers are using the same kind of deep system access that antivirus software relies on. Once an attacker has administrative privileges, they can take it a step further and potentially shut down EDR/MDR/XDR and other advanced security tools such as application control.

Unfortunately, Microsoft’s driver-blocking capabilities currently appear to be broken. Although Microsoft has assured the community that the issue is fixed in the most recent Windows updates, security researchers say that is not the case.

We expect to see increased pressure on Microsoft in the coming days to release a better fix for this issue, but as it stands now, we recommend the following:

  • Ensure that all Windows systems are running the latest version of the operating system.
  • Monitor for any suspicious activity on the network, such as unusual outbound traffic or unexpected system drivers.
  • Regularly scan for malicious system drivers and remove any that are found.
  • Educate users on the importance of not downloading or installing software from untrusted sources.
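As an added example (not code from the original post), the following PowerShell script implements the driver-monitoring recommendation above: it lists installed kernel drivers whose Authenticode signature fails to validate, or whose third-party signing certificate was issued before the legacy exemption that the article describes. It assumes an elevated Windows PowerShell 5.1+ session; the 2015-07-29 cutoff is taken from Microsoft's documented driver-signing exemption and can be adjusted.

```powershell
# Added example (not from the original post): triage installed kernel drivers.
# Assumes an elevated Windows PowerShell 5.1+ session. The cutoff date below is
# taken from Microsoft's documented legacy driver-signing exemption.
$Cutoff = [datetime]'2015-07-29'

function Resolve-DriverPath {
    # Win32_SystemDriver.PathName comes in several NT forms; normalise to a Win32 path.
    param([string]$PathName)
    if (-not $PathName) { return $null }
    $p = $PathName -replace '^\\\?\?\\', ''                                 # strip the \??\ prefix
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot                      # expand \SystemRoot
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }  # System32\drivers\x.sys
    return $p
}

$findings = foreach ($drv in Get-CimInstance -ClassName Win32_SystemDriver) {
    $path = Resolve-DriverPath $drv.PathName
    if (-not $path -or -not (Test-Path -LiteralPath $path)) { continue }

    $sig  = Get-AuthenticodeSignature -FilePath $path   # checks embedded and catalog signatures
    $cert = $sig.SignerCertificate
    $reason = $null
    if ($sig.Status -ne 'Valid') {
        # Unsigned, tampered, or untrusted chain: a driver like this should not be loading.
        $reason = "signature status $($sig.Status)"
    } elseif (-not $sig.IsOSBinary -and $cert -and $cert.NotBefore -lt $Cutoff) {
        # Third-party driver signed under the pre-cutoff exemption the article describes.
        $reason = "third-party cert issued $($cert.NotBefore.ToString('yyyy-MM-dd')), before cutoff"
    }
    if (-not $reason) { continue }

    $signer = if ($cert) { $cert.Subject } else { '(none)' }
    [pscustomobject]@{
        Driver = $drv.Name
        State  = $drv.State          # running drivers deserve attention first
        Path   = $path
        Signer = $signer
        Reason = $reason
    }
}

$findings | Sort-Object State, Driver | Format-Table -AutoSize
```

Legitimate older third-party drivers will also appear under the second reason, so treat the output as a triage list and cross-check each hit against its vendor and Microsoft's driver blocklist before removing anything.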
