The very anti-malware solutions meant to protect organizations from things like privilege escalation can be exploited to do just that.
The solutions “may unintentionally assist malware in gaining more privileges on the system,” according to a CyberArk blog post penned by Eron Shimony. “The vast number of affected machines is troublesome; probably every Windows machine out there has had at least one software that could be abused to gain elevated privileges via file manipulation attacks.”
Anti-malware solutions “are more vulnerable to exploitation because of their high privilege,” Shimony wrote, explaining that the vendors CyberArk reviewed are, by and large, prone to the same types of vulnerabilities. While the number of bugs is “staggering,” many can “be easily eliminated.”
CyberArk cited the default DACLs of the C:\ProgramData directory as the first cause of many bugs.
Malicious users might find their best opportunity to escalate privilege via DLL hijacking through installers. Installers are ripe fruit for attackers because while vendors update the software inside the packages, “they often forget to update the installer package,” Shimony wrote. Essentially, only the code gets updated, so any “software products that rely on installation frameworks are vulnerable to DLL hijacking.”
To protect against anti-malware being exploited for privilege escalation, CyberArk recommended that organizations change DACLs before usage, correct impersonation, update installation frameworks and use LoadLibraryEx instead of the older LoadLibrary API.
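As an added example (not from CyberArk or the original article), the sketch below audits the DACL of a product directory under C:\ProgramData for the "change DACLs before usage" recommendation. It takes the directory's SDDL string (for instance, the `Sddl` property returned by PowerShell's `Get-Acl`) and lists allow ACEs that let low-privileged groups create, delete or re-permission files. The two SDDL strings and the names `weak_aces`, `AS_CREATED` and `HARDENED` are constructed for illustration.

```python
import re

# SDDL right codes -> access-mask bits; generic rights use the file generic mapping.
RIGHTS = {
    "GA": 0x1F01FF, "GR": 0x120089, "GW": 0x120116, "GX": 0x1200A0,
    "FA": 0x1F01FF, "FR": 0x120089, "FW": 0x120116, "FX": 0x1200A0,
    "SD": 0x10000, "RC": 0x20000, "WD": 0x40000, "WO": 0x80000,
    "CC": 0x1, "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10,
    "WP": 0x20, "DT": 0x40, "LO": 0x80, "CR": 0x100,
}
# Bits that let a principal plant, replace or re-permission files in a directory.
RISKY = [
    (0x2, "FILE_ADD_FILE"), (0x4, "FILE_ADD_SUBDIRECTORY"),
    (0x40, "FILE_DELETE_CHILD"), (0x10000, "DELETE"),
    (0x40000, "WRITE_DAC"), (0x80000, "WRITE_OWNER"),
]
# Everyone, Authenticated Users, Users, Interactive (alias and numeric forms).
LOW_PRIV = {"WD", "AU", "BU", "IU",
            "S-1-1-0", "S-1-5-11", "S-1-5-32-545", "S-1-5-4"}

def parse_mask(rights):
    """Turn an SDDL rights field (hex mask or two-letter codes) into an int."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for code in re.findall("..", rights):
        mask |= RIGHTS[code]
    return mask

def weak_aces(sddl):
    """Return (sid, ace_flags, risky_rights) for each allow ACE held by a low-privileged SID."""
    m = re.search(r"D:[^(]*((?:\([^)]*\))*)", sddl)  # DACL flags, then its ACEs
    findings = []
    for ace in re.findall(r"\(([^)]*)\)", m.group(1) if m else ""):
        ace_type, flags, rights, _, _, sid = ace.split(";")[:6]
        if ace_type != "A" or sid not in LOW_PRIV:
            continue
        hits = [name for bit, name in RISKY if parse_mask(rights) & bit]
        if hits:
            findings.append((sid, flags, hits))
    return findings

# Constructed samples: a directory where Users may create files and folders,
# and the same directory with a protected DACL granting Users read/execute only.
AS_CREATED = "O:SYG:SYD:AI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;BU)(A;CI;DCLC;;;BU)"
HARDENED = "O:BAG:SYD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;BU)"

if __name__ == "__main__":
    for label, sddl in (("as created", AS_CREATED), ("hardened", HARDENED)):
        print(label, weak_aces(sddl))
```

The check reads allow ACEs only and covers four well-known groups; deny ACEs and other principals are not evaluated.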
Some parts of this article are sourced from:
www.scmagazine.com