0-Day Vulnerability for all Windows Versions and Antivirus

The new 0-day vulnerability turns the Antivirus software into a malware and allow attacker to take full control of the victim computer. This attack method is called DoubleAgent.
Windows has feature called Microsoft Application Verifier that verify any applications before they run. There is a security issues that recently has been found that allows attacker to inject a custom verifier into any application to gain fully control over the victim computer. The attacker by injection any DLL into the process, they hijack the computer during or after the booting process to keep their persistency. Attackers can leverage this vulnerability to turn an AV into an malware by manipulating the AV’s behavior to take over the victim machine or execute arbitrary codes such as escalating privileges, modifying process natures and behaviors, and many more.

All Microsoft versions are vulnerable to this kind of attack, as well as at the present of writing this Advisory, most of the Antvirus vendors have not release any patch yet except Malwarebytes and AVG. TrendMircro mentioned that they are planing to push a patch for upcoming weak, while Symantec has not been seen in the affected list. Since the DoubleAgent is published publicly and there is no mitigation or patch release yet, the risk for such attack is very high.

for more information please refer to the following addresses:
https://cybellum.com/doubleagentzero-day-code-injection-and-persistence-technique/
https://github.com/Cybellum/DoubleAgent

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s