
Rootkit capabilities likely with Windows bugs

Microsoft March Patch Tuesday roundup

Several rootkit-like capabilities could be obtained by threat actors through the exploitation of vulnerabilities in Windows' DOS-to-NT path conversion process, including file and process concealment and the compromise of prefetch file analysis, reports The Hacker News.

Malicious actors could also leverage the issues to disguise a malware file as a verified Microsoft executable, and to exploit a denial-of-service bug to deactivate Process Explorer, according to a SafeBreach report presented at the Black Hat Asia conference. Further examination of the path conversion process also revealed three Microsoft security bugs that have already been addressed: a privilege escalation write issue, tracked as CVE-2023-32054; a remote code execution flaw, tracked as CVE-2023-36396; and a denial-of-service issue, tracked as CVE-2023-42757. It also turned up a new, yet-to-be-patched privilege escalation deletion bug that enables file removal.

"We believe the implications are relevant not only to Microsoft Windows, which is the world's most widely used desktop OS, but also to all software vendors, most of whom also allow known issues to persist from version to version of their software," said SafeBreach security researcher Or Yair.
