Researchers demonstrate new method for code injection in Windows




Researchers at the security enSilo have discovered a new way to inject code into Windows processes. In addition, they use atom tables. They argue that there is no immediate solution to the problem.

A solution according enSilo missing, because the problem is not related to vulnerabilities in code. The ‘AtomBombing’ technology, as the company that called , uses legitimate functions of the operating system, the company said. It conducted a successful test on Windows 10, but all versions of Windows were susceptible to the attack. An attacker could use the method to access data only accessible to certain processes and thereby gain access to encrypted passwords or to perform a man-in-the-middle attack on the browser.

Moreover, the attacker can bypass security by injecting code into the software trusted processes. The attack works by making use of atom tables . These tables, which can store programs and data sharing, thus enSilo. An attacker can write malicious code into such a table and make sure that a legitimate program retrieves this code executes. This is possible by using two API calls, so put the researchers in a technical analysis.

There is, according enSilo no immediate solution to the problem other than to keep the api calls even noticing and paying attention to malicious activity. One of the researchers let to ZDNet know that the greatest concern is that a motivated attacker will always discover similar techniques. Moreover, this attack could easily bypass security, because the method has not yet been identified as malicious. Microsoft late in a response to the same site know that users must be in unknown files and that “the user’s system must already be in the hands of the attacker before malware can use this type of code injection ‘vigilant.

atombombing AtomBombing leads to crash in Paint


In: A Technology & Gadgets Asked By: [22637 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »