Windows defenses evaded by new DLL search order takeover

Windows 10 and Windows 11 systems could have their security defenses evaded to facilitate malicious code execution through a new dynamic link library (DLL) search order hijacking technique, according to The Hacker News. Attackers using the novel technique could leverage executables within the trusted WinSxS folder to execute malicious code without the need for elevated privileges, a report from Security Joes showed. A vulnerable file in the WinSxS folder could be executed with the folder containing the malicious DLL set as the current directory, said researchers, who added that the susceptibility of other WinSxS folder binaries to the technique should prompt defenders to evaluate parent-child relationships across processes and to track the activities of WinSxS folder binaries. "This approach represents a novel application in cybersecurity: traditionally, attackers have largely relied on well-known techniques like DLL search order hijacking, a method that manipulates how Windows applications load external libraries and executables," said Security Joes co-founder and CEO Ido Naor.
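
One way to act on the monitoring advice above, as an added example that is not code from Security Joes, The Hacker News or SC Media: a Python review of process-creation and image-load records that flags WinSxS binaries started from, or loading DLLs from, directories outside a set of trusted roots. The records are constructed, their field names follow Sysmon events 1 and 7, and the trusted-root list and the placeholder binary name are assumptions.

```python
import ntpath

WINSXS = r"C:\Windows\WinSxS"
# Assumption: roots a WinSxS binary is normally started from or loads DLLs from.
TRUSTED_ROOTS = (r"C:\Windows", r"C:\Program Files", r"C:\Program Files (x86)")
EXE = r"C:\Windows\WinSxS\amd64_example_0000\example_tool.exe"  # placeholder name

def under(path, root):
    """Case-insensitive test that `path` is `root` or lies below it."""
    p = ntpath.normcase(ntpath.normpath(path))
    r = ntpath.normcase(ntpath.normpath(root))
    return p == r or p.startswith(r + "\\")

def trusted(path):
    """True when `path` sits under one of the assumed trusted roots."""
    return any(under(path, root) for root in TRUSTED_ROOTS)

def review(events):
    """Return (reason, parent image, offending path) for suspicious WinSxS activity."""
    findings = []
    for ev in events:
        if not under(ev["Image"], WINSXS):
            continue  # only binaries that live in the WinSxS folder are in scope
        if ev["EventID"] == 1 and not trusted(ev["CurrentDirectory"]):
            # Process started with a working directory outside the trusted roots.
            findings.append(("untrusted-cwd", ev["ParentImage"], ev["CurrentDirectory"]))
        elif ev["EventID"] == 7 and not trusted(ev["ImageLoaded"]):
            # DLL mapped into a WinSxS process from outside the trusted roots.
            findings.append(("untrusted-dll", None, ev["ImageLoaded"]))
    return findings

# Constructed sample records; field names follow Sysmon events 1 and 7.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": EXE, "CurrentDirectory": "C:\\Windows\\System32\\",
     "ParentImage": r"C:\Windows\System32\svchost.exe"},
    {"EventID": 1, "Image": EXE, "CurrentDirectory": "C:\\Users\\alice\\Downloads\\",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"EventID": 7, "Image": EXE, "ImageLoaded": r"C:\Users\alice\Downloads\example.dll"},
    {"EventID": 7, "Image": EXE, "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "CurrentDirectory": "C:\\Users\\alice\\", "ParentImage": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for reason, parent, path in review(SAMPLE_EVENTS):
        print(reason, parent, path)
```

The parent image is reported with each working-directory finding so an analyst can judge the parent-child relationship; image-load records carry no parent field, so that slot is empty for DLL findings.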
