
posted by janrinok on Sunday October 30 2016, @04:58PM
from the don't-run-unknown-code! dept.

AtomBomb: The New Zero-Day Windows Exploit Microsoft Can't Fix?

There's a new zero-day Microsoft Windows exploit in the wild by the name of AtomBomb, and Microsoft may not be able to fix it.

Ensilo security researchers have discovered a new zero-day exploit in Windows that attackers can use to inject and execute malicious code. The researchers call the exploit AtomBombing because of its use of a Windows feature called Atom Tables.

What's particularly interesting about the exploit is that it does not rely on security vulnerabilities in Windows components but on native Windows functions. This means, according to the researchers, that Microsoft won't be able to patch the issue.

It is particularly worrying that the issue affects all versions of Windows, and that security programs that run on the system -- firewall or antivirus for instance -- won't stop the execution of the exploit.

The technique works in the following way on an abstract level:

  1. Malicious code needs to be executed on a Windows machine; a user might run it, for instance.
  2. Usually this code is blocked by antivirus software, other security software or policies.
  3. In the case of AtomBombing, the malicious program writes the malicious code into an atom table (a legitimate Windows function, so the write is not stopped).
  4. It then uses APC (Asynchronous Procedure Calls) to make a legitimate process, a web browser for instance, retrieve the code from the table and execute it, undetected by security software.
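A defender's view of the same four steps, as an added example that is not part of the original story or of the researchers' write-up: a small correlation rule over a constructed API-call trace that flags one process writing large, non-textual atoms and then queuing an APC into another process that reads an atom back. The trace format (`pid=… tid=… api=… …`) and the `printable` ratio field are invented for this example; the API names (`GlobalAddAtomW`, `NtQueueApcThread`, `GlobalGetAtomNameW`) are real Windows calls assumed here to be the ones such a sequence would show.

```python
import re
from collections import defaultdict

# Constructed trace for this example; not a real Sysmon/ETW schema.
# "printable" is an assumed ratio of printable characters in the atom string.
TRACE = """\
pid=4120 tid=4124 api=GlobalAddAtomW len=412 printable=0.31
pid=4120 tid=4124 api=GlobalAddAtomW len=409 printable=0.29
pid=4120 tid=4124 api=NtQueueApcThread target_pid=2208 target_tid=2216
pid=2208 tid=2216 api=GlobalGetAtomNameW len=412
pid=3300 tid=3304 api=GlobalAddAtomW len=18 printable=1.00
pid=3300 tid=3304 api=GlobalGetAtomNameW len=18
"""

FIELD = re.compile(r"(\w+)=(\S+)")


def parse(line):
    """Turn one 'key=value ...' trace line into a dict."""
    return dict(FIELD.findall(line))


def find_atombombing(trace, min_len=256, max_printable=0.6):
    """Return (writer_pid, victim_pid) pairs matching the AtomBombing shape:
    writer stores large non-text atoms, queues an APC into victim, and a
    thread in victim then reads an atom back. Benign short, printable atoms
    (window class names, DDE strings) fall below the thresholds."""
    suspicious_writers = set()
    apc_targets = defaultdict(set)      # writer pid -> {target pid}
    hits = []
    for raw in trace.splitlines():
        ev = parse(raw)
        pid, api = int(ev["pid"]), ev["api"]
        if api == "GlobalAddAtomW":
            if int(ev["len"]) >= min_len and float(ev["printable"]) <= max_printable:
                suspicious_writers.add(pid)
        elif api == "NtQueueApcThread" and pid in suspicious_writers:
            apc_targets[pid].add(int(ev["target_pid"]))
        elif api == "GlobalGetAtomNameW":
            for writer, targets in apc_targets.items():
                if pid in targets and writer != pid and (writer, pid) not in hits:
                    hits.append((writer, pid))
    return hits


if __name__ == "__main__":
    print(find_atombombing(TRACE))
```

The thresholds are deliberately coarse; in practice the rule would be tuned against a baseline of the atom sizes normal applications create.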

You can find an extremely detailed explanation of AtomBombing here. Time to run Windows only in VMs?

New code injection attack works on all Windows versions - Help Net Security

Source: https://www.helpnetsecurity.com/2016/10/28/code-injection-windows-atombombing/

  • (Score: 0, Flamebait) by Francis on Monday October 31 2016, @04:03AM

    by Francis (5544) on Monday October 31 2016, @04:03AM (#420771)

    No, you're being an asshole. People like you are why I use FreeBSD rather than Linux as my primary install. I just want a system that works reliably without the zealotry.

    I did the research on this stuff at the time that I decided what software I was going to use and I don't see any reason why I should stop using what works for me. Nothing you've recommended does what my current set up does on my machine. I don't see any purpose in setting aside the stuff I bought back when I was dual-booting between Windows and FreeBSD just because I've got my Windows install loaded into a VM.

    Nothing you've suggested is anywhere near as functional as what I'm currently using.

    Also, I think it's cute that you think I care what you think of me. All you've done in this thread is make an ass of yourself.

  • (Score: 2, Informative) by aristarchus on Monday October 31 2016, @06:09AM

    by aristarchus (2645) on Monday October 31 2016, @06:09AM (#420797)

    Nothing you've recommended does what my current set up does on my machine. I don't see any purpose in setting aside the stuff I bought back when I was dual-booting between Windows and FreeBSD just because I've got my Windows install loaded into a VM.

    Nothing you've suggested is anywhere near as functional as what I'm currently using.

    Francis, my poor Francis! You have admitted to running Windows because you did not know what else to do. I never suggested any solutions, since you did not provide enough details to see what your problem was, other than that you were running Windows. And it is funny how, whenever I try to assist you, as opposed to anyone else on SoylentNews, I get modded down. Hmm. Well, that is it. It is war, Francis! I will follow you, and every post you make I will mod down mercilessly! I will taunt you as an AC, and I will imitate your username on other fora across the internet until you realize the errors of your ways and apologize for posting totally ignorant things here on SoylentNews. Deal?

    • (Score: 1, Informative) by Anonymous Coward on Monday October 31 2016, @02:46PM

      by Anonymous Coward on Monday October 31 2016, @02:46PM (#420878)

      It's not just Francis. I mod you down too, especially because of pointless dickwaving posts like this.

      • (Score: 3, Funny) by aristarchus on Monday October 31 2016, @04:16PM

        by aristarchus (2645) on Monday October 31 2016, @04:16PM (#420916)

        Francis! Posting as AC and calling yourself "not just Francis" does not mean you are not just Francis! You're not fooling anyone, you know!

        • (Score: 0) by Anonymous Coward on Monday October 31 2016, @05:38PM

          by Anonymous Coward on Monday October 31 2016, @05:38PM (#420944)

          Just keep telling yourself that.

          • (Score: 0) by Anonymous Coward on Monday October 31 2016, @06:33PM

            by Anonymous Coward on Monday October 31 2016, @06:33PM (#420961)

            Aristarchus is right! You can't just hide behind AC, Francis! Maybe if you knew how scanner drivers and DVD drives worked, you might have a chance to pull it off, but this is just too obvious.

  • (Score: 0) by Anonymous Coward on Tuesday November 01 2016, @03:00AM

    by Anonymous Coward on Tuesday November 01 2016, @03:00AM (#421109)

    that's b/c you're a hooker.

    • (Score: 0) by Anonymous Coward on Tuesday November 01 2016, @09:07AM

      by Anonymous Coward on Tuesday November 01 2016, @09:07AM (#421176)

      that's b/c you're hooked.

      FTFY! Trolling, trolling, over the deep blue sea! I just wonder, if you know it's me?