Attackers can 'AtomBomb' every version of Windows

Operating system design flaw makes mitigation tricky.

A newly-discovered technique allows attackers to bypass the security protections of every version of Microsoft's Windows operating system to inject malicious code and compromise victim PCs, researchers have revealed.

The "AtomBombing" attack - detailed by IT security firm enSilo - relies on the use of Windows atom tables, which allow applications to store, access, and share data.

The researchers said a design flaw in Windows makes it possible for attackers to write malicious code into an atom table and force a legitimate application to retrieve it. Programs that have retrieved the malicious code can then be manipulated to execute it.

Injecting malicious code into legitimate processes makes it easier for attackers to bypass security protections, the researchers said.

"For example, let's say an attacker was able to persuade a user to run a malicious executable, evil.exe. Any kind of decent application level firewall installed on the computer would block that executable's communication," the enSilo researchers wrote.

"To overcome this issue, evil.exe would have to find a way to manipulate a legitimate program, such as a web browser, so that the legitimate program would carry out communication on behalf of evil.exe."

The code injection attack allows threat actors not only to bypass process-level restrictions but also to access context-specific data (such as screenshots), perform man-in-the-middle browser attacks, and access encrypted passwords stored in Google Chrome.

The firm said all versions of Windows were affected. It specifically tested on Windows 10.

Because the technique relies on legitimate operating system functions to carry out the attack, it is difficult to patch against, enSilo said.

However, it suggested organisations monitor for suspicious changes within application programming interface (API) calls.
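One way to act on that monitoring suggestion, as an added example that is not enSilo's code and not part of the original article: a small Python heuristic run over a constructed API-call trace. It assumes a hypothetical user-mode monitor that records GlobalAddAtomW, NtQueueApcThread and GlobalGetAtomNameW calls with the fields shown; the field names and the choice of hooked APIs are assumptions for this example.

```python
import re

# Constructed sample trace (not real telemetry): one event per line, as a
# hypothetical API monitor might record it. evil.exe writes atoms, queues an
# APC into chrome.exe, and chrome.exe then reads an atom name; notepad.exe only
# uses the atom table within its own process and should not be flagged.
SAMPLE_TRACE = """\
pid=4120 image=evil.exe api=GlobalAddAtomW
pid=4120 image=evil.exe api=GlobalAddAtomW
pid=4120 image=evil.exe api=NtQueueApcThread target_pid=2200
pid=2200 image=chrome.exe api=GlobalGetAtomNameW
pid=3300 image=notepad.exe api=GlobalAddAtomW
pid=3300 image=notepad.exe api=GlobalGetAtomNameW
"""

LINE_RE = re.compile(r"pid=(\d+) image=(\S+) api=(\S+)(?: target_pid=(\d+))?")


def parse_trace(text):
    """Turn the monitor's text lines into event dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.fullmatch(line.strip())
        if not m:
            continue
        pid, image, api, target = m.groups()
        events.append({"pid": int(pid), "image": image, "api": api,
                       "target_pid": int(target) if target else None})
    return events


def find_atom_injection(events):
    """Return (source_pid, target_pid) pairs where a process that wrote to the
    global atom table queued an APC into a different process, and that process
    subsequently read an atom name. Same-process atom use is ignored."""
    wrote_atom = set()
    pending = {}  # target_pid -> source_pid, awaiting an atom read in the target
    alerts = []
    for ev in events:
        if ev["api"] == "GlobalAddAtomW":
            wrote_atom.add(ev["pid"])
        elif ev["api"] == "NtQueueApcThread" and ev["target_pid"] is not None:
            if ev["pid"] in wrote_atom and ev["target_pid"] != ev["pid"]:
                pending[ev["target_pid"]] = ev["pid"]
        elif ev["api"] == "GlobalGetAtomNameW" and ev["pid"] in pending:
            alerts.append((pending.pop(ev["pid"]), ev["pid"]))
    return alerts


if __name__ == "__main__":
    for src, dst in find_atom_injection(parse_trace(SAMPLE_TRACE)):
        print(f"possible atom-table injection: pid {src} -> pid {dst}")
```

A real deployment would key on thread handles and time windows rather than bare process ids, but the ordering check (atom write, cross-process APC, atom read in the target) is the signal worth alerting on.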

Copyright © iTnews.com.au . All rights reserved.