Windows Smart App Control has a worrying security bug that hackers exploited for years

A potentially serious security flaw which had been exploited since at least 2018 has been found in Windows Smart App Control and SmartScreen.

The flaw allows attackers to launch malicious programs on devices without triggering alerts that would typically show if a Mark of the Web (MotW) file was opened, experts have warned.

Both Smart App Control and SmartScreen are designed to pull up an alert when MotW files are opened, as they can contain potentially dangerous apps and binaries.

Format correction removing MotW

The flaw was discovered by Elastic Security Labs, and is exploited by creating LNK files with modified target paths or internal structures which are automatically reformatted by explorer.exe when opened. This reformatting removes the MotW, stopping security alerts from Smart App Control and SmartScreen.

All it takes to modify the target path of a file is a single space or dot, which Windows Explorer will correct, and in doing so will remove the MotW tag by updating the file. The same goes for creating an LNK file with a modified relative path.

The oldest version of VirusTotal that abuses this flaw is at least six years old, meaning that this flaw has been actively exploited since at least 2018. But the Smart App Control and SmartScreen flaws don’t end there. Elastic Security Labs also identified other ways to bypass the app’s security controls.

By using code-signing or EV signing certificates, the researchers could sign malicious payloads that would not alert Smart App Control or SmartScreen. It is also possible to repurpose apps that have a pre-existing good reputation to dodge security checks. Attackers could also bypass security measures by deploying a malicious application that only triggers security checks if certain conditions are met.

“Smart App Control and SmartScreen have a number of fundamental design weaknesses that can allow for initial access with no security warnings and minimal user interaction. Security teams should scrutinize downloads carefully in their detection stack and not rely solely on OS-native security features for protection in this area. We are releasing this information, along with detection logic and countermeasures, to help defenders identify this activity until a patch is available,” Elastic Security Labs said.

Via BleepingComputer

More from TechRadar Pro

https://cdn.mos.cms.futurecdn.net/XAAmHki5jekJSfXuf68545-1200-80.jpg

Source link
benedict.collins@futurenet.com (Benedict Collins)

What is the release date for Marshals: A Yellowstone Story episode 6 on CBS and Paramount+?

HP unleashes the Z8 Fury G6i with insane GPU power and memory for massive AI and simulation workloads

HP unleashes the Z8 Fury G6i with insane GPU power and memory for massive AI and simulation workloads

This new ‘laughing rat’ malware will steal your data and hack your systems — and then laugh at you while doing it

Ex-Israeli Intelligence Official: Shockwaves of Trump’s “Take Over Gaza” Heard, Felt Across Region

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

Why Mateo’s Change To Night Shift Is Important For The Pitt Season 2 Explained By Jalen Thomas Brooks

Netflix’s Near-Perfect 8-Part Horror Thriller Hits 28M Hours Watched in Just 1 Week

One Deranged Pokémon Pokopia Player Has Slurped Up the Entire Ocean

Who Is Todd Blanche? All About the Acting AG After Pam Bondi Was Fired – Hollywood Life

Form DEF 14A CORBUS PHARMACEUTICALS HOLDINGS For: 2 April

Form S-3 Taoweave Inc For: 2 April

Form DEF 14A CLEVELAND-CLIFFS INC. For: 2 April

Cherry Jonathan, Perpetua Resources CEO, sells $119555 in shares

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

Windows Smart App Control has a worrying security bug that hackers exploited for years

Why Mateo’s Change To Night Shift Is Important For The Pitt Season 2 Explained By Jalen Thomas Brooks

Form DEF 14A CORBUS PHARMACEUTICALS HOLDINGS For: 2 April

Netflix’s Near-Perfect 8-Part Horror Thriller Hits 28M Hours Watched in Just 1 Week

Form S-3 Taoweave Inc For: 2 April