vissha Posted July 19, 2016

Antivirus Engines Affected by Code Hooking Vulnerability

enSilo identifies six issues across hundreds of products

Quote

Six vulnerabilities in the way some software vendors utilize the "code hooking" technique expose their products to exploitation from malware that can leverage this security flaw to bypass security mitigations and compromise targeted devices.

Hooking is a coding technique that allows an application to tap into the process of another application. Many types of desktop applications enable and use this technique, especially security products that need to monitor other applications for malicious activity.

Security firm enSilo discovered a problem with how a large number of software applications utilize the hooking technique, which leaves the door open for exploitation from malicious actors.

Vulnerabilities identified in 2015

Their research stems from a previous investigation which identified problems in how AVG, McAfee, and Kaspersky handle the computer's memory space.

It was during that investigation that enSilo's team noticed the problematic way in which antivirus engines hook into other applications and system APIs to monitor and scan for malicious activity.

Later on, they discovered that other kinds of applications, such as virtualization and performance monitoring software, are vulnerable to the same issue, and can be leveraged by malware in attacks meant to bypass security software and OS-level malware mitigation techniques.

Hundreds of applications affected, millions of users exposed

According to enSilo, the following products have been notified and have started patching their products: AVG, Kaspersky, McAfee, Symantec, BitDefender, Citrix XenDesktop, WebRoot, Emsisoft, Vera, and Avast.

Additionally, any application that uses the Microsoft Detours hooking engine is also affected. This includes a huge list of products from over 100 ISVs (independent software vendors), along with almost all of Microsoft's own products, such as the Office suite.

Patching all applications implies a recompilation of all affected products and distributing new versions, which explains why enSilo waited so long to publicly disclose the issues. Microsoft said it will update its apps and the Detours engine in its August Patch Tuesday.

In the meantime, the researchers are set to present their findings at this year's Black Hat security conference, scheduled to take place in Las Vegas at the start of August.

A more technical explanation can be read here, written by Udi Yavo and Tomer Bitton of enSilo.

straycat19 Posted July 20, 2016

Blame it on the AV makers but it is Microsoft's shitty OS that is causing it. 33 years and they still can't create a secure OS. Anyone who writes a program for Windows takes a chance that their software could be a host for an exploit because it is written with Microsoft's programming code, which is as unsafe as its OS.

truemate Posted July 20, 2016

Is my PC also affected? http://www.nsaneforums.com/topic/273280-many-sites-r-not-opening-not-even-google/