Windows 10 and 11 Security Measures Circumvented by DLL Hijacking Technique
The new technique exploits WinSxS executables to execute malicious code in Windows folders.
- Security researchers have discovered a new version of a dynamic link library (DLL) search order hijacking technique that could be exploited by malicious actors on Windows systems.
- The new technique allows the execution of malicious code for privilege escalation, defense evasion, and persistence threats.
Researchers at cybersecurity company Security Joes have discovered a new DLL search order hijacking technique that allows malicious actors to install and execute malicious code, circumventing security measures in Windows 10 and 11 systems without requiring elevated privileges.
In a DLL hijacking attack, a malicious DLL (Dynamic Link Library) is placed in a directory that a vulnerable application searches, so that it is loaded in place of the legitimate library. In the variant described here, malicious actors make use of executables in the WinSxS folder by making the folder containing the malicious DLL the current directory.
These attacks compromise systems, allow the execution of arbitrary code, and remove the need for extra binaries, bypassing the high-privilege requirements of Windows 10 and 11. The WinSxS folder is a core part of the Windows OS, located at “C:\Windows\WinSxS”. It maintains multiple versions of system files, including previous versions retained while updates are underway.
The technique is a novel attack approach that turns on how Windows applications load executables and external libraries. It highlights the importance of evaluating parent-child relationships between processes, in addition to tracking the activity of binaries in the WinSxS folder.
It also underscores the value of awareness programs against such threats and of industry efforts toward preventive measures against exploitation of the DLL loading process.
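The two detection angles the article points to (parent-child process relationships and the activity of WinSxS-hosted binaries) can be turned into concrete rules. The script below is an added example written for this page, not code from Security Joes or from the article; it runs over constructed sample records whose field names mirror Sysmon Event ID 1 (process creation: Image, ParentImage, CurrentDirectory) and Event ID 7 (image load: Image, ImageLoaded). The component directory name, the executable and DLL names, and the set of "trusted" path prefixes are all assumptions chosen for illustration.

```python
"""Flag WinSxS-hosted executables that behave unusually: started from an
untrusted working directory, spawned by an untrusted parent, or loading a DLL
from outside the Windows directory. All sample records are constructed."""

WINSXS = "c:\\windows\\winsxs\\"
# Directory prefixes a parent process, working directory or DLL is expected to
# come from. This is an assumption for the example; tune it per environment.
TRUSTED_PREFIXES = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)


def norm(path: str) -> str:
    """Normalise a Windows path for prefix comparison (case, slash direction)."""
    return path.replace("/", "\\").lower()


def is_trusted(path: str) -> bool:
    return norm(path).startswith(TRUSTED_PREFIXES)


def in_winsxs(path: str) -> bool:
    return norm(path).startswith(WINSXS)


def evaluate(event: dict) -> list[str]:
    """Return the names of the rules an event trips (empty if nothing is odd).
    Only events whose acting process lives under WinSxS are considered."""
    reasons: list[str] = []
    if not in_winsxs(event.get("Image", "")):
        return reasons
    if event["EventID"] == 1:  # process creation
        if not is_trusted(event.get("CurrentDirectory", "")):
            reasons.append("winsxs_binary_untrusted_cwd")
        if not is_trusted(event.get("ParentImage", "")):
            reasons.append("winsxs_binary_untrusted_parent")
    elif event["EventID"] == 7:  # image (DLL) load
        if not is_trusted(event.get("ImageLoaded", "")):
            reasons.append("winsxs_binary_loaded_dll_outside_windows")
    return reasons


def find_suspicious(events: list[dict]) -> list[dict]:
    """Run every event through the rules and collect the ones that fired."""
    findings = []
    for ev in events:
        reasons = evaluate(ev)
        if reasons:
            findings.append({"Image": ev["Image"], "reasons": reasons})
    return findings


# Constructed sample telemetry (not real logs). The WinSxS component directory
# and file names are placeholders, not the binaries the research refers to.
HOSTED = "C:\\Windows\\WinSxS\\x86_example_component_1.0\\hosted.exe"
USER_TEMP = "C:\\Users\\alice\\AppData\\Local\\Temp\\"

SAMPLE_EVENTS = [
    # Benign: WinSxS binary started by a system service from a system directory.
    {"EventID": 1, "Image": HOSTED,
     "ParentImage": "C:\\Windows\\System32\\svchost.exe",
     "CurrentDirectory": "C:\\Windows\\System32\\"},
    # Suspicious: same binary launched from a user-writable temp directory
    # by a process that also lives there.
    {"EventID": 1, "Image": HOSTED,
     "ParentImage": USER_TEMP + "launcher.exe",
     "CurrentDirectory": USER_TEMP},
    # Suspicious: the WinSxS binary loads a DLL from the temp directory.
    {"EventID": 7, "Image": HOSTED,
     "ImageLoaded": USER_TEMP + "helper.dll"},
    # Benign: the same binary loads a DLL from System32.
    {"EventID": 7, "Image": HOSTED,
     "ImageLoaded": "C:\\Windows\\System32\\kernel32.dll"},
    # Not a WinSxS process at all; ignored by these rules.
    {"EventID": 1, "Image": USER_TEMP + "launcher.exe",
     "ParentImage": "C:\\Windows\\explorer.exe",
     "CurrentDirectory": USER_TEMP},
]

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_EVENTS):
        print(finding["Image"], "->", ", ".join(finding["reasons"]))
```

The rules deliberately key on the process image living under WinSxS rather than on any particular executable name, so the same logic covers whichever hosted binaries an environment sees; the trade-off is that legitimate servicing activity also runs binaries from WinSxS, so the trusted-prefix list and the parent-process check are what keep the noise down.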