Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Sunday October 30 2016, @04:58PM   Printer-friendly
from the don't-run-unknown-code! dept.

AtomBomb: The New Zero-Day Windows Exploit Microsoft Can't Fix?

There's a new zero-day Microsoft Windows exploit in the wild by the name of AtomBomb, and Microsoft may not be able to fix it.

Ensilo security researchers have discovered a new zero-day exploit in Windows that attackers can make use of to inject and execute malicious code. The researches call the exploit AtomBombing because of its use of a Windows function called Atom Tables.

What's particularly interesting about the exploit is that it does not rely on security vulnerabilities in Windows components but native Windows functions. This means, according to the researchers, that Microsoft won't be able to patch the issue.

It is particularly worrying that the issue affects all versions of Windows, and that security programs that run on the system -- firewall or antivirus for instance -- won't stop the execution of the exploit.

The technique works in the following way on an abstract level:

  1. Malicious code needs to be executed on a Windows machine. A user might run malicious code for instance.
  2. This code is blocked usually by antivirus software or other security software or policies.
  3. In the case of AtomBombing, the malicious program writes the malicious code in an atom table (which is a legitimate function of Windows and won't be stopped therefore).
  4. It then uses legitimate processes via APC (Async Procedure Calls) , a web browser for instance, to retrieve the code from the table undetected by security software to execute it.

You can find an extremely detailed explanation of AtomBombing here. Time to run Windows only in VMs?

New code injection attack works on all Windows versions - Help Net Security

Source: https://www.helpnetsecurity.com/2016/10/28/code-injection-windows-atombombing/


Original Submission #1Original Submission #2

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Interesting) by Anonymous Coward on Sunday October 30 2016, @06:18PM

    by Anonymous Coward on Sunday October 30 2016, @06:18PM (#420584)

    Don't you know debuggers are illegal?

    Dan would later learn that there was a time when anyone could have debugging tools. There were even free debugging tools available on CD or downloadable over the net. But ordinary users started using them to bypass copyright monitors, and eventually a judge ruled that this had become their principal use in actual practice. This meant they were illegal; the debuggers' developers were sent to prison.

    Programmers still needed debugging tools, of course, but debugger vendors in 2047 distributed numbered copies only, and only to officially licensed and bonded programmers. The debugger Dan used in software class was kept behind a special firewall so that it could be used only for class exercises.

    It was also possible to bypass the copyright monitors by installing a modified system kernel. Dan would eventually find out about the free kernels, even entire free operating systems, that had existed around the turn of the century. But not only were they illegal, like debuggers—you could not install one if you had one, without knowing your computer's root password. And neither the FBI nor Microsoft Support would tell you that.

    Starting Score:    0  points
    Moderation   +5  
       Offtopic=1, Insightful=1, Interesting=3, Informative=2, Total=7
    Extra 'Interesting' Modifier   0  

    Total Score:   5  
  • (Score: 1, Informative) by Anonymous Coward on Sunday October 30 2016, @08:29PM

    by Anonymous Coward on Sunday October 30 2016, @08:29PM (#420627)

    source?

    • (Score: 1, Informative) by Anonymous Coward on Sunday October 30 2016, @08:48PM

      by Anonymous Coward on Sunday October 30 2016, @08:48PM (#420634)

      I think it is Stallman's "The Right to Read", certainly reads like Stallman's writing.

    • (Score: 0) by Anonymous Coward on Sunday October 30 2016, @10:06PM

      by Anonymous Coward on Sunday October 30 2016, @10:06PM (#420666)

      Right to read [gnu.org]
      Richard Stallman, February 1997 issue of Communications of the ACM (Volume 40, Number 2)

  • (Score: 3, Informative) by NCommander on Monday October 31 2016, @05:12AM

    by NCommander (2) Subscriber Badge <michael@casadevall.pro> on Monday October 31 2016, @05:12AM (#420792) Homepage Journal

    While I personally disagree with rms on many points, I do think the worlds he outlined in Right to Read and such are disturbingly plausible in many ways. I just wish the FSF would stop shooting itself in the foot in many ways; the GPLv3 as a license is a disaster.

    (specifically, I don't mind the concepts desired in the GPLv3 itself, however, its very difficult to read even being versed in software licensing and an above average legal understanding. The FSF could have gotten exactly the same effect with much clearer language. A layman can read the GPLv2 and completely understand it, not true of the GPLv3. For patent clauses, compare Apache 2.0 to GPLv3 and tell me which one actually is understandable on the first go, Furthermore, getting around the TiVozation requirements within the GPLv3 is relatively straightforward; virtualization can easily allow you to comply with the GPLv3 while running around the intent of the license.).

    --
    Still always moving