Microsoft has finally patched what Avast researchers describe as the "holy grail" of Windows security vulnerabilities, six months after being informed of it.
Cybersecurity researchers from Avast reported the vulnerability to Microsoft after finding it in use by the North Korean state-sponsored Lazarus Group. It is an admin-to-kernel vulnerability in appid.sys, the kernel driver behind AppLocker, the application allow-listing feature built into Windows; specifically, the flaw sits in the driver's I/O control (IOCTL) dispatcher. An admin-to-kernel bug lets an attacker who already holds administrator privileges execute code in the kernel, which is exactly what a rootkit needs in order to hide itself from the operating system.
"A user-space attacker could abuse it to essentially trick the kernel into calling an arbitrary pointer. This presented an ideal exploitation scenario, allowing the attacker to call an arbitrary kernel function with a high degree of control over the first argument," said Avast.
Avast reports that Lazarus Group used this vulnerability to obtain a kernel read/write primitive, which it then used to install its FudModule rootkit. In Avast's view, Microsoft's slow response reflects how little severity the company assigns to admin-to-kernel vulnerabilities.
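To make the bug class concrete, here is an added example that is not code from Avast, appid.sys, or Microsoft: a small user-mode C model of the pattern Avast describes, a dispatcher that takes a function pointer and its first argument straight from a request the lower-privilege side controls, placed next to a hardened variant that only lets the caller pick an index into a fixed table of vetted callbacks. The request layout, the function names, and the "attacker target" are all constructed for illustration; the hardened form shows one general mitigation for this class and is not a description of Microsoft's actual fix. The example stops at the arbitrary call and does not show how such a call is turned into a read/write primitive.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed user-mode model of the admin-to-kernel "arbitrary pointer call"
 * bug class. Nothing here is appid.sys code; names and layout are hypothetical. */

typedef uint64_t (*kfn_t)(uint64_t arg);

/* A request the lower-privilege caller fully controls (constructed layout). */
struct ioctl_request {
    uint64_t callback;   /* a raw code pointer in the vulnerable variant */
    uint64_t arg;        /* first argument, also caller-controlled */
};

static int g_attacker_called;
static uint64_t g_attacker_arg;

/* Stand-in for an attacker-chosen target ("arbitrary kernel function"). */
static uint64_t attacker_target(uint64_t arg) {
    g_attacker_called = 1;
    g_attacker_arg = arg;
    return arg * 2;
}

/* The callbacks the dispatcher is actually meant to reach. */
static uint64_t cb_query(uint64_t arg) { return arg + 1; }
static uint64_t cb_reset(uint64_t arg) { (void)arg; return 0; }

/* Vulnerable dispatcher: trusts the pointer that arrived in the request. */
uint64_t dispatch_vulnerable(const struct ioctl_request *req) {
    kfn_t fn = (kfn_t)(uintptr_t)req->callback;
    return fn(req->arg);   /* caller now controls the target and its argument */
}

/* Hardened dispatcher: the caller supplies only an index; the code pointer
 * never crosses the trust boundary. Returns -1 on an out-of-range index. */
static const kfn_t k_callbacks[] = { cb_query, cb_reset };
#define K_CALLBACK_COUNT (sizeof k_callbacks / sizeof k_callbacks[0])

int dispatch_hardened(uint64_t index, uint64_t arg, uint64_t *out) {
    if (index >= K_CALLBACK_COUNT)
        return -1;
    *out = k_callbacks[index](arg);
    return 0;
}

/* Simulated attack: the caller fills in the request with the function it
 * wants run and the argument it wants passed. Returns 1 if the target ran
 * with the chosen argument. */
int attack_succeeds_against_vulnerable(void) {
    struct ioctl_request req = {
        .callback = (uint64_t)(uintptr_t)attacker_target,
        .arg = 0x4141,
    };
    g_attacker_called = 0;
    dispatch_vulnerable(&req);
    return g_attacker_called && g_attacker_arg == 0x4141;
}

/* Same attacker against the hardened form: the address is meaningless as an
 * index and is refused; nothing outside the table can ever be called.
 * Returns 1 if the attack was blocked. */
int attack_blocked_by_hardened(void) {
    uint64_t out = 0;
    uint64_t bogus_index = (uint64_t)(uintptr_t)attacker_target;
    g_attacker_called = 0;
    int rc = dispatch_hardened(bogus_index, 0x4141, &out);
    return rc == -1 && !g_attacker_called;
}

/* Legitimate use of the hardened path, for comparison. */
uint64_t hardened_query(uint64_t arg) {
    uint64_t out = 0;
    if (dispatch_hardened(0, arg, &out) != 0)
        return UINT64_MAX;
    return out;
}

int main(void) {
    printf("vulnerable dispatcher hijacked: %d\n", attack_succeeds_against_vulnerable());
    printf("hardened dispatcher blocked:    %d\n", attack_blocked_by_hardened());
    printf("hardened query(5) = %llu\n", (unsigned long long)hardened_query(5));
    return 0;
}
```

The point of the contrast is the direction of trust: once a dispatcher will jump to a pointer that a less-privileged caller wrote, every kernel function with a usable first argument becomes reachable, which is the "ideal exploitation scenario" Avast describes. Indirection through a fixed table with a bounds check is the usual way to keep that decision on the kernel's side of the boundary.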
Microsoft's Security Servicing Criteria page states that "some Windows components and configurations are explicitly not intended to provide a robust security boundary," and that "Microsoft reserves the right to patch admin-to-kernel vulnerabilities at its own discretion." Avast pushed back on that stance in its write-up, given that the bug was being actively used by a state-sponsored group to deploy a rootkit.