"Researchers Uncover Windows Flaws Granting Hackers Rootkit-Like Powers"

According to new research, threat actors can use the DOS-to-NT path conversion process to achieve rootkit-like capabilities and conduct malicious activities such as concealing and impersonating files, directories, and processes. According to SafeBreach security researcher Or Yair, the DOS path at which the file or folder exists is converted to an NT path when a user executes a function with a path argument in Windows. During the conversion process, a known issue occurs: the function removes trailing dots from any path element and trailing spaces from the last path element. Most user-space Application Programming Interfaces (APIs) in Windows complete this action. These MagicDot paths enable rootkit-like functionality that any unprivileged user can exploit to perform malicious actions without administrative privileges and remain undetected. This article continues to discuss findings regarding the Windows flaws that give hackers rootkit-like capabilities. 

THN reports "Researchers Uncover Windows Flaws Granting Hackers Rootkit-Like Powers"

Submitted by grigby1

Submitted by Gregory Rigby on