Design flaw could allow hackers to roll back Microsoft Windows updates

Some of Microsoft’s most important tools for protecting Windows users from malicious hackers can be twisted into being used in attacks, according to research presented here Wednesday at the annual Black Hat security conference.


The newly discovered method includes altering the internal registry of a Windows machine to make it seem as though it has been updated through Microsoft’s regular process for issuing improvements and security fixes.


That would allow an attacker to downgrade the machine to earlier versions of Windows, making hundreds of vulnerabilities that are patched in current versions of Windows fair game once more.


The technique fools another highly touted security innovation, known as virtualization-based security, by renaming a file folder, according to Alon Leviev, a researcher for security company SafeBreach who is presenting the findings at Black Hat and at Def Con, the hacking conference that begins here Friday.

