Hackers can potentially attack all versions of Windows with a new code injection technique
Windows has always led the vulnerability lists, and Microsoft has been fixing it for decades. The laughable part is that hackers now don’t need a vulnerability to hack Windows. The good thing for hackers is that this attack works on all versions of Windows. Researchers at enSilo (a security firm) named the attack ‘AtomBombing’; it abuses a Windows mechanism called atom tables. AtomBombing does not exploit any vulnerability but abuses a design weakness in Windows.
What is an atom table?? :/
An atom table is a Windows feature that lets applications store information on strings, objects, and other types of data that they access on a regular basis. Since atom tables are shared, all sorts of applications can access or modify the data inside them.
EnSilo researcher Tal Liberman said:
“What we found is that a threat actor can write malicious code into an atom table and force a legitimate program to retrieve the malicious code from the table. We also found that the legitimate program, now containing the malicious code, can be manipulated to execute that code.”
“For example, let’s say an attacker was able to persuade a user to run a malicious executable, evil.exe. Any kind of decent application level firewall installed on the computer would block that executable’s communication. To overcome this issue, evil.exe would have to find a way to manipulate a legitimate program, such as a web browser, so that the legitimate program would carry out communication on behalf of evil.exe.”
What’s worse??
“Unfortunately, this issue cannot be patched since it does not rely on broken or flawed code – rather on how these operating system mechanisms are designed.”
Since the AtomBombing technique abuses legitimate operating system functions to carry out the attack, Microsoft cannot patch the issue without changing how the entire operating system works. This is not a feasible solution, so there is no notion of a patch.
Liberman told ZDNet:
“AtomBombing uses legitimate OS mechanisms and features to perform and hide malicious activity. The greatest concern is that when attackers are motivated they will always find creative techniques such as this one.
Since it’s new and has not yet been marked as malicious, this method will easily bypass any security product that attempts to heuristically block malicious activity. Recognizing that compromise is inevitable, organisations should consider a security strategy that assumes that attackers are already inside.”
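As an added illustration (not code from enSilo or from the original post), here is a minimal monitoring heuristic for the pattern described above: one process writes an entry into the shared atom table and a different process reads it back. The trace format, the process names other than evil.exe, the atom ids and the threshold are assumptions made for this example; GlobalAddAtomW and GlobalGetAtomNameW are the Win32 calls that write and read global atoms.

```python
# Added example: heuristic over a hypothetical API-call trace (constructed data).
import string

PRINTABLE = set(string.printable.encode())

def looks_binary(data: bytes, threshold: float = 0.3) -> bool:
    """True when more than `threshold` of the bytes are non-printable."""
    if not data:
        return False
    bad = sum(b not in PRINTABLE for b in data)
    return bad / len(data) > threshold

def find_suspicious_atom_use(events):
    """Flag atoms with binary-looking content that are written by one
    process and later read back by a different process."""
    writers = {}  # atom id -> (writer process, content written)
    alerts = []
    for ev in events:
        if ev["api"] == "GlobalAddAtomW":
            writers[ev["atom"]] = (ev["process"], ev["data"])
        elif ev["api"] == "GlobalGetAtomNameW" and ev["atom"] in writers:
            writer, data = writers[ev["atom"]]
            # Ordinary atoms hold short text names; a cross-process read of
            # mostly non-printable content is the pattern worth a closer look.
            if writer != ev["process"] and looks_binary(data):
                alerts.append({"atom": ev["atom"], "writer": writer,
                               "reader": ev["process"], "size": len(data)})
    return alerts

# Constructed sample trace: the event layout and all values are made up.
SAMPLE_TRACE = [
    {"process": "editor.exe", "api": "GlobalAddAtomW", "atom": 0xC010,
     "data": b"MyAppClipboardFormat"},
    {"process": "viewer.exe", "api": "GlobalGetAtomNameW", "atom": 0xC010},
    {"process": "evil.exe", "api": "GlobalAddAtomW", "atom": 0xC011,
     "data": bytes(range(0x80, 0x90))},  # 16 synthetic non-text bytes
    {"process": "browser.exe", "api": "GlobalGetAtomNameW", "atom": 0xC011},
    {"process": "evil.exe", "api": "GlobalGetAtomNameW", "atom": 0xC011},
]

if __name__ == "__main__":
    for alert in find_suspicious_atom_use(SAMPLE_TRACE):
        print(alert)
```

The text atom shared between editor.exe and viewer.exe is ignored, as is evil.exe reading its own entry; only the cross-process read of non-text content is reported.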
Be safe, Be aware