Some of the intrusive techniques used by security, performance, virtualization, and other types of programs to monitor third-party processes have introduced vulnerabilities that hackers can exploit.
Researchers from data exfiltration prevention company enSilo found six common security issues affecting over 15 products when they studied how software vendors use “hooking” to inject code into a process in order to intercept, monitor or modify the potentially sensitive system API (application programming interface) calls made by that process.
Most of the flaws enSilo found allow attackers to easily bypass the anti-exploit mitigations available in Windows or third-party applications, allowing attackers to exploit vulnerabilities that they couldn’t otherwise or whose exploitation would have been difficult. Other flaws allow attackers to remain undetected on victims’ computers or to inject malicious code into any process running on them, the enSilo researchers said in a report sent via email that’s scheduled to be published Tuesday.
To read this article in full or to leave a comment, please click here