
[Video] Illusion Gap vulnerability exposed: malicious files can bypass Windows Defender

via: cnBeta.COM     time: 2017/9/29 9:01:01

Windows usually issues two requests for a copy of an executable: one is used to launch the program and create its process; the second is made for Windows Defender, which scans the file for malicious content.

And that's where the problem is. An SMB server can distinguish between the two kinds of requests, and an attacker who controls the SMB server can configure it to send two completely different files. This means that the Windows PE Loader can receive a malicious file while the file sent to Windows Defender is clean. Obviously, this flaw may lead to greater harm in the future.

