
Microsoft Defender, Avast and AVG exposed vulnerabilities that induced Windows to permanently delete user files

2025-03-26 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)11/24 Report--

CTOnews.com, December 12: SafeBreach security researcher Or Yair recently released a proof of concept (POC) showing how security software itself can be induced to wipe, that is permanently delete, harmless files on a PC.

The POC is called "Aikido", after the martial art of the same name, whose essence is "overcoming hardness with softness" and "using the opponent's own strength", that is, defeating the opponent with their own force. Here the opponent's force is the EDR or antivirus's power to delete files.

Microsoft has acknowledged the vulnerability in Defender and says it has fixed it.

Several other antivirus products, including Avast, AVG and Trend Micro, have also been confirmed to be affected, while products such as McAfee and BitDefender are not.

Yair explained that the POC relies on a time-of-check to time-of-use (TOCTOU) vulnerability.

When the antivirus detects such a file, it classifies it as malicious and then deletes it. The check (detection) and the use (deletion) do not happen at the same moment, and the engine remembers the file only by its path. The POC exploits that gap: after the product has detected the malware, it redirects the path to a different location, so that when the deletion is finally carried out the computer deletes your legitimate files instead of the malicious one, up to and including Windows system files.

The steps, in brief:

Create a malicious file at the specially chosen path C:\temp\Windows\System32\drivers\ndis.sys

Keep a handle to it open, so the EDR or AV cannot delete it immediately and instead postpones the deletion until the next restart

Delete the C:\temp directory

Create a junction C:\temp → C:\ (so that the remembered path now resolves to C:\Windows\System32\drivers\ndis.sys, the real driver)

Restart
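The five steps above, as an added example that is not SafeBreach's POC nor code from this article: a Python simulation of the check/use gap, with the vulnerable deferred deletion beside a hardened one. It models the junction with a directory symlink so that it runs on any OS (on Windows the real step is an NTFS junction created with mklink /J, which unlike a directory symlink needs no special privilege), and the file names, the "malicious" marker, and the "after reboot" step being an ordinary function call are all constructed assumptions.

```python
"""Simulation of the Aikido TOCTOU: a deferred deletion keyed on a path string
is redirected, between detection and deletion, by swapping a directory for a
link. Added example, not SafeBreach's POC; a directory symlink stands in for
the NTFS junction (assumption) so the demo runs on any OS."""
import os
import shutil
import stat
import tempfile
from pathlib import Path

MALICIOUS_MARKER = b"CONSTRUCTED-MALICIOUS-CONTENT"  # stands in for a real signature hit


def build_lab(root: Path) -> dict:
    """Lay out the constructed sample tree mirroring the Aikido steps (root plays C:\\)."""
    decoy = root / "temp" / "Windows" / "System32" / "drivers" / "ndis.sys"
    legit = root / "Windows" / "System32" / "drivers" / "ndis.sys"
    decoy.parent.mkdir(parents=True)
    legit.parent.mkdir(parents=True)
    decoy.write_bytes(MALICIOUS_MARKER)
    legit.write_bytes(b"legitimate driver image (constructed)")
    return {"decoy": decoy, "legit": legit}


def detect(path: Path):
    """Time of check: flag the file and queue its deletion for 'after reboot'.
    Records the bare path (all a naive engine keeps) plus a fingerprint of the
    object actually inspected (what a hardened engine needs at time of use)."""
    if MALICIOUS_MARKER not in path.read_bytes():
        return None
    st = os.stat(path)
    return {"path": str(path), "real": os.path.realpath(path),
            "ident": (st.st_dev, st.st_ino)}


def attacker_redirect(root: Path) -> None:
    """Steps 3 and 4: remove C:\\temp and recreate it as a link to C:\\."""
    shutil.rmtree(root / "temp")
    # Windows POC uses a junction (mklink /J); a directory symlink redirects
    # the same way here (assumption, needs no privilege on POSIX).
    os.symlink(root, root / "temp", target_is_directory=True)


def apply_naive(pending: dict, root: Path) -> str:
    """Time of use as the vulnerable engines did it: trust the path string."""
    os.remove(pending["path"])
    return "deleted"


def is_link_like(p: Path) -> bool:
    """Symlink on any OS; also an NTFS junction (reparse point) on Windows."""
    attrs = getattr(os.lstat(p), "st_file_attributes", 0)
    return p.is_symlink() or bool(attrs & stat.FILE_ATTRIBUTE_REPARSE_POINT)


def apply_hardened(pending: dict, root: Path) -> str:
    """Time of use with re-validation: refuse unless the path still names the
    object that was inspected and no component below root has become a link."""
    p = Path(pending["path"])
    cur = root
    for part in p.relative_to(root).parts:
        cur = cur / part
        if is_link_like(cur):
            return "refused: link in path"
    if os.path.realpath(p) != pending["real"]:
        return "refused: path resolves elsewhere"
    st = os.stat(p)
    if (st.st_dev, st.st_ino) != pending["ident"]:
        return "refused: different file object"
    os.remove(p)
    return "deleted"


def run_scenario(apply, attack: bool = True) -> dict:
    """detect -> (attacker redirect) -> deferred deletion; report what survived."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        lab = build_lab(root)
        pending = detect(lab["decoy"])  # time of check
        if attack:
            attacker_redirect(root)     # window between check and use
        outcome = apply(pending, root)  # time of use ("after reboot")
        return {"outcome": outcome,
                "legit_survives": lab["legit"].exists(),
                "decoy_survives": lab["decoy"].exists()}


if __name__ == "__main__":
    print("naive   :", run_scenario(apply_naive))
    print("hardened:", run_scenario(apply_hardened))
    print("no attack, hardened:", run_scenario(apply_hardened, attack=False))
```

With the naive deleter the legitimate ndis.sys is gone after the "reboot"; the hardened one refuses because a link now sits in the path and the recorded real path no longer matches. The stronger fix, which the simulation cannot show with plain file APIs, is to act on the object rather than on a path: keep the handle obtained at detection time (or reopen and compare the file ID) and delete through it, so no rename or junction swap in between can change what is deleted.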

Interestingly, for Defender and Defender for Endpoint, Yair observed that Defender does not delete the individual file but deletes the entire directory instead. CTOnews.com learned that Microsoft has assigned the vulnerability the identifier CVE-2022-37971 and fixed it in Microsoft Malware Protection Engine version 1.1.19700.2.

Trend Micro, Avast and AVG have likewise released patches for their respective products:

Trend Micro Apex One: hotfix 23573 and Patch_b11136

Avast and AVG antivirus: version 22.10
