"New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections"

According to researchers at Security Joes, there is a new variant of the Dynamic Link Library (DLL) search order hijacking technique that threat actors could use to evade security mechanisms and execute malicious code on Microsoft Windows 10 and Windows 11 systems. The approach involves executables commonly found in the trusted WinSxS folder and exploits them using the classic DLL search order hijacking technique. Through this method, malicious actors can avoid the need for elevated privileges when trying to run malicious code on a compromised machine. They can also introduce potentially vulnerable binaries into the attack chain, as previously observed. DLL search order hijacking involves manipulating the search order used to load DLLs to execute malicious payloads for defense evasion, persistence, and privilege escalation. This article continues to discuss the new variant of the DLL search order hijacking technique.
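For defenders, the behavior described above (a trusted executable from WinSxS loading a DLL it found somewhere else through the search order) can be hunted for in image-load telemetry. The following is an added example, not code from Security Joes or the referenced article. It assumes events with `image` and `image_loaded` fields modelled on Sysmon Event ID 7, a system root of `C:\Windows`, and constructed sample events with hypothetical file names.

```python
import ntpath

# Assumption: the system root is C:\Windows; adjust for hosts where it differs.
WINSXS = r"c:\windows\winsxs"
TRUSTED_DLL_ROOTS = (r"c:\windows\system32", r"c:\windows\syswow64", WINSXS)

def _norm(path):
    # Collapse "..", unify separators and lowercase, since Windows paths are case-insensitive.
    return ntpath.normcase(ntpath.normpath(path))

def _under(path, root):
    # True only for real descendants of root, not for look-alike siblings such as "winsxs2".
    return path == root or path.startswith(root + "\\")

def suspicious_loads(events):
    """Return events where a WinSxS-resident executable loaded a DLL
    from outside the trusted Windows directories."""
    hits = []
    for ev in events:
        image = _norm(ev["image"])
        dll = _norm(ev["image_loaded"])
        if not _under(image, WINSXS):
            continue  # only executables that live in WinSxS are of interest here
        if any(_under(dll, root) for root in TRUSTED_DLL_ROOTS):
            continue  # DLL resolved from a protected system location
        hits.append(ev)
    return hits

# Constructed sample events; component, executable and DLL names are hypothetical.
SXS_EXE = r"C:\Windows\WinSxS\amd64_constructed-component_1.0\example_tool.exe"
SAMPLE_EVENTS = [
    {"image": SXS_EXE, "image_loaded": r"C:\Windows\System32\kernel32.dll"},
    {"image": SXS_EXE, "image_loaded": r"C:\Users\Public\work\helper.dll"},
    {"image": r"C:\Program Files\Vendor\app.exe",
     "image_loaded": r"C:\Program Files\Vendor\helper.dll"},
    # Mixed case and ".." segments must not hide a load from outside system dirs.
    {"image": SXS_EXE.upper(),
     "image_loaded": r"C:\Windows\System32\..\..\Temp\helper.dll"},
]

if __name__ == "__main__":
    for hit in suspicious_loads(SAMPLE_EVENTS):
        print("review:", hit["image"], "loaded", hit["image_loaded"])
```

A hit is a lead for review, not proof of compromise, because the rule checks only where the DLL was loaded from and not whether it is signed or expected.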

THN reports "New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections"

Submitted by grigby1

Submitted by Gregory Rigby on