AtomBombing: the zero-day exploit that Microsoft cannot shut down

AtomBombing Zero-Day exploit: Security researchers have discovered a new zero-day exploit in Windows that attackers can use to inject and execute malicious code.

The researchers named the exploit AtomBombing after the Windows operating system mechanism called Atom Tables.

What is particularly interesting about this zero-day exploit is that it does not rely on security vulnerabilities in Windows, but on native Windows functionality.

This means, according to the researchers, that Microsoft will not be able to fix the problem.

"Unfortunately, this issue cannot be fixed, as it is not based on any corrupt or defective code, but on how the system mechanisms are designed to work."

Of particular concern is the fact that the issue affects all versions of Windows, and that security programs running on the system, such as a firewall or antivirus, will not be able to stop the exploit.

How the technique works:

Any malicious code, of course, must first be executed in order to compromise a system.
This code is usually blocked by virus protection software or by operating system security policies.
In the case of AtomBombing, the malicious program writes the malicious code into an Atom table (which is a legitimate Windows operation that a security policy or antivirus cannot stop).
It then uses legitimate procedures through APC (Async Procedure Calls) to make a legitimate program, a web browser for example, retrieve the code from the table without being detected.

"What we've found is that a malicious user can write malicious code on an Atom table and force a legitimate program to get the malicious code out of that table. We also found that the legitimate program, which contains the malicious code, can be made to execute the code."
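The two steps described above (an atom-table write followed by an APC queued into another process) can be correlated in process telemetry. The following is an added example, not code from the researchers or from the original article; the event schema, the field names and the 5-second window are assumptions, and the sample events are constructed.

```python
# Added example: correlate "atom write" and "cross-process APC" events.
# The event types and field names are hypothetical, not a real sensor's schema.
from collections import defaultdict

WINDOW_SECONDS = 5.0  # assumed correlation window

# Constructed sample telemetry, not real logs.
SAMPLE_EVENTS = [
    {"t": 10.0, "type": "atom_add", "pid": 4120, "image": "dropper.exe"},
    {"t": 10.2, "type": "atom_add", "pid": 4120, "image": "dropper.exe"},
    {"t": 10.4, "type": "apc_queue", "pid": 4120, "image": "dropper.exe",
     "target_pid": 2288, "target_image": "browser.exe"},
    {"t": 11.0, "type": "atom_add", "pid": 900, "image": "editor.exe"},
    {"t": 12.0, "type": "apc_queue", "pid": 900, "image": "editor.exe",
     "target_pid": 900, "target_image": "editor.exe"},    # same process: ignored
    {"t": 50.0, "type": "atom_add", "pid": 700, "image": "shell.exe"},
    {"t": 90.0, "type": "apc_queue", "pid": 700, "image": "shell.exe",
     "target_pid": 2288, "target_image": "browser.exe"},  # outside the window
]

def find_atom_then_remote_apc(events, window=WINDOW_SECONDS):
    """Return alerts where a process writes atoms and then, within `window`
    seconds, queues an APC into a thread of a different process."""
    atom_writes = defaultdict(list)  # source pid -> timestamps of atom writes
    alerts = []
    for ev in sorted(events, key=lambda e: e["t"]):
        if ev["type"] == "atom_add":
            atom_writes[ev["pid"]].append(ev["t"])
        elif ev["type"] == "apc_queue" and ev["target_pid"] != ev["pid"]:
            hits = [t for t in atom_writes[ev["pid"]] if 0 <= ev["t"] - t <= window]
            if hits:
                alerts.append({
                    "source": ev["image"], "source_pid": ev["pid"],
                    "target": ev["target_image"], "target_pid": ev["target_pid"],
                    "atom_writes": len(hits), "first_write": min(hits),
                    "apc_time": ev["t"],
                })
    return alerts

if __name__ == "__main__":
    for alert in find_atom_then_remote_apc(SAMPLE_EVENTS):
        print(alert)
```

Both atom writes and APCs are common in benign software, so the signal here is the combination: the same source process, a different target process, and a short time window.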

The researchers have released a PoC that illustrates how AtomBombing works. If you are interested in the details, you can check it out, as it can answer all your questions.

enSilo's security team reports that running malicious code on a Windows computer is only one of the many ways attackers can use AtomBombing.

Attackers could use the technique to take screenshots and extract sensitive information, even encrypted passwords.

According to the research, Google Chrome encrypts saved passwords using the Windows Data Protection API. Thus, any attack on a process running in the context of the active user could gain access to sensitive data in plain text.

enSilo believes Microsoft cannot fix the AtomBombing exploit. Microsoft, for its part, has not issued an announcement.


Written by giorgos
