0-Day Vulnerability for all Windows Versions and Antivirus

A new 0-day vulnerability turns antivirus software into malware and allows an attacker to take full control of the victim's computer. This attack method is called DoubleAgent.
Windows has a feature called Microsoft Application Verifier that verifies applications before they run. A recently discovered security issue allows an attacker to inject a custom verifier into any application and gain full control over the victim's computer. By injecting a DLL into a process in this way, the attacker can hijack the computer during or after the boot process and maintain persistence. Attackers can leverage this vulnerability to turn an AV product into malware by manipulating the AV's behavior to take over the victim machine or to execute arbitrary code, for example to escalate privileges, modify process nature and behavior, and more.

All Microsoft Windows versions are vulnerable to this kind of attack. At the time of writing this advisory, most antivirus vendors have not released a patch yet, except Malwarebytes and AVG. Trend Micro mentioned that they are planning to push a patch in the upcoming week, while Symantec has not been seen in the affected list. Since DoubleAgent has been published publicly and no mitigation or patch has been released yet, the risk of such an attack is very high.
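
Until vendor patches arrive, defenders can audit which executables have an Application Verifier provider registered. The following is an added example, not code from this advisory or from Cybellum: it parses a `.reg` export of the Windows Image File Execution Options key and lists every image with a `VerifierDlls` value. The registry location comes from how Windows registers verifier providers rather than from this page, and the sample export and all names in it are constructed.

```python
import re

FLG_APPLICATION_VERIFIER = 0x100  # GlobalFlag bit that turns Application Verifier on
IFEO = r"\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" + "\\"

# Constructed sample of a .reg export; image and DLL names are hypothetical.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example_av.exe]
"GlobalFlag"=dword:00000100
"VerifierDlls"="constructed_provider.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example_tool.exe]
"VerifierDlls"="constructed_other.dll"
"""

def parse_reg_export(text):
    """Return {key_path: {lowercased_value_name: raw_value}} from .reg text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'"([^"]+)"=(.*)$', line)
            if m:
                current[m.group(1).lower()] = m.group(2).strip()
    return keys

def find_verifier_registrations(text, allowlist=()):
    """List per-image verifier providers that are not on the allowlist."""
    allowed = {name.lower() for name in allowlist}
    findings = []
    for key, values in parse_reg_export(text).items():
        if IFEO.lower() not in key.lower() or "verifierdlls" not in values:
            continue
        image = key.rsplit("\\", 1)[1]
        flag = values.get("globalflag", "dword:0")
        enabled = flag.startswith("dword:") and bool(
            int(flag[6:], 16) & FLG_APPLICATION_VERIFIER)
        if image.lower() not in allowed:
            findings.append({"image": image, "dlls": values["verifierdlls"].strip('"'),
                             "verifier_enabled": enabled})
    return findings
```

On a production host, any entry that is not a known debugging setup, and especially one naming a security product's executable, warrants investigation.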

For more information, please refer to the following addresses:
https://cybellum.com/doubleagentzero-day-code-injection-and-persistence-technique/
https://github.com/Cybellum/DoubleAgent