Hackers exploit gaping Windows loophole to give their malware kernel access

Status
You're currently viewing only afidel's posts. Click here to go back to viewing the entire thread.

afidel

Ars Legatus Legionis
18,192
Subscriptor
It would still be reasonable to make this a system policy for opt-in, or potentially opt-out, so that unless you need this vulnerability left open, you have the option to close it (as already mentioned in another comment).
The problem, if I understand the problem correctly, is that exploiting this vulnerability already requires administrator credentials, so any opt-in mechanism would be worthless, as the process running as the admin user could simply modify the policy from opt-out to opt-in. In fact, I'm not sure there's an effective mitigation, as any updated DLLs could likely just be rolled back to vulnerable versions, or the attacker could redirect the function calls to a vulnerable DLL version in another location. Basically, if you have administrator permissions you already effectively have SYSTEM permissions, as you can undo any security mechanism that's put in place.
 
Upvote
54 (55 / -1)