Threat Actors Gain Capabilities Similar to Rootkits Through Windows MagicDot Vulnerability

Security researchers have found a new vulnerability in the Windows DOS-to-NT path conversion process that gives attackers capabilities similar to rootkit malware. Read on for details of the flaw and its impact on system security.

April 23, 2024

MagicDot Vulnerability
  • A new vulnerability in Windows, MagicDot, allows threat actors to exploit the DOS-to-NT path conversion process in a manner similar to rootkit malware.
  • The flaw lets attackers hide processes, files, and directories, so their operations go unnoticed by the system user.

Cybersecurity researchers from SafeBreach have disclosed a new Windows vulnerability that allows threat actors to exploit the DOS-to-NT path conversion process, gaining rootkit malware-type capabilities that are fairly difficult to detect. The flaw creates a significant risk for businesses using Windows systems as it is easy for attackers to extract or modify processes, files, and directories stealthily.

Normally, a DOS path is converted to an NT path whenever a user-space function receives a path argument. The vulnerability, known as MagicDot, arises because the conversion that user-space APIs invoke strips trailing dots and spaces from each element of the path. Names that survive only at the NT level therefore provide rootkit-type hiding, and any user can exploit this, even without elevated privileges.
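To make the mechanism concrete from a defender's side, here is an added illustration that is not part of the SafeBreach research or the article: a simplified model of the per-element stripping of trailing dots and spaces, plus a check that flags raw directory entries which would be altered by that stripping or that collapse onto the same DOS-visible name. The `\\?\` prefix in `scan_directory` is assumed to make the Windows API skip normalisation and return raw names; the sample listing is constructed.

```python
import os
from typing import Dict, List

# Simplified model of the DOS-to-NT conversion step the article describes:
# every path element loses its trailing dots and spaces. Real Windows
# normalisation does more (8.3 names, ".." handling), but this is the part
# that lets two distinct NT-level names collapse onto one DOS-visible name.
def dos_normalize(path: str) -> str:
    parts = path.replace("/", "\\").split("\\")
    return "\\".join(p.rstrip(". ") for p in parts)

def is_magicdot_name(name: str) -> bool:
    """True if a raw directory entry would be changed by the stripping."""
    if name in (".", ".."):
        return False
    return name != name.rstrip(". ")

def find_shadowed(raw_names: List[str]) -> Dict[str, List[str]]:
    """Group raw names by the DOS-visible name they collapse to.

    A group is reported when it contains a MagicDot-style name or when
    several raw names map onto the same visible name (one shadows the other).
    """
    groups: Dict[str, List[str]] = {}
    for name in raw_names:
        visible = name.rstrip(". ") or name  # "..." would strip to "", keep it
        groups.setdefault(visible, []).append(name)
    return {
        visible: names
        for visible, names in groups.items()
        if len(names) > 1 or any(is_magicdot_name(n) for n in names)
    }

def scan_directory(directory: str) -> Dict[str, List[str]]:
    """Windows only. Assumption: the \\\\?\\ prefix asks the API to skip
    normalisation, so the raw entry names come back unmodified."""
    raw = os.listdir("\\\\?\\" + os.path.abspath(directory))
    return find_shadowed(raw)

# Constructed sample listing, as a hardened enumeration might return it.
SAMPLE_LISTING = ["report.txt", "helper.dll.", "helper.dll", "cache ", ".", ".."]

if __name__ == "__main__":
    for visible, names in find_shadowed(SAMPLE_LISTING).items():
        print(f"{visible!r} is backed by raw entries {names}")
```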


Bad actors could leverage this behavior to carry out a range of malicious activities without administrator privileges. Because the vulnerability lets attackers disguise malicious files and hide data, the device user is unlikely to detect such activity. The report also revealed four other vulnerabilities related to MagicDot that allow privilege escalation, denial of service, and remote code execution.

Windows users are advised to apply the latest updates, implement multi-factor authentication, monitor and test their assets, and maintain thorough incident response plans. The finding highlights the need for software vendors to watch for seemingly harmless issues that can ultimately result in severe security risks.


Anuj Mudaliar
Anuj Mudaliar is a content development professional with a keen interest in emerging technologies, particularly advances in AI. As a tech editor for Spiceworks, Anuj covers many topics, including cloud, cybersecurity, emerging tech innovation, AI, and hardware. When not at work, he spends his time outdoors - trekking, camping, and stargazing. He is also interested in cooking and experiencing cuisine from around the world.