Security researchers have outlined a fresh variant of a dynamic link library (DLL) search order hijacking technique, potentially enabling threat actors to circumvent security measures and execute malicious code on computers running Microsoft Windows 10 and Windows 11.
The new method, disclosed in a report by cybersecurity firm Security Joes and exclusively shared with The Hacker News, exploits executables commonly present in the trusted WinSxS folder, utilizing the classic DLL search order hijacking technique. By doing so, adversaries can avoid the need for elevated privileges when attempting to run malicious code on a compromised system, introducing potentially vulnerable binaries into the attack chain.
DLL search order hijacking involves manipulating the search order used to load DLLs, allowing the execution of malicious payloads for purposes such as defense evasion, persistence, and privilege escalation. This technique targets applications that do not specify the full path to required libraries, relying on a predefined search order to locate DLLs on disk.
Threat actors exploit this behavior by relocating legitimate system binaries into non-standard directories that contain malicious DLLs, named after legitimate ones. This tricks the system into loading the attack code-containing library instead of the authentic one.
The unique aspect introduced by Security
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: