All Windows versions susceptible to new code injection attack

A new code injection technique called AtomBombing has been uncovered by researchers at enSilo. AtomBombing was found to be effective against all versions of Windows. It exploits atom tables, which the operating system provides to allow applications to store and access data.

enSilo’s Tal Liberman explained: “What we found is that a threat actor can write malicious code into an atom table and force a legitimate program to retrieve the malicious code from the table. We also found that the legitimate program, now containing the malicious code, can be manipulated to execute that code.” Depending on the process into which it is injected, the malicious code could allow attackers to take screenshots, access encrypted passwords, or perform Man in the Browser (MitB) attacks, Help Net Security noted.

There is no way to fix this issue, as it is not a vulnerability, but security solutions can start monitoring API calls for malicious activity.
