No, actually, can't say I've ever wanted people to think I'm Microsoft.
Want to get around app whitelists by pretending to be Microsoft? Of course you can...
A sprinkle of code and an understanding of the Windows digital certificate process is all that's needed for a miscreant to sneak malware past Microsoft's application whitelist within a corporate environment. In a keynote address at the DerbyCon hacking conference in Kentucky, USA, on Friday, Matt Graeber, a security researcher …
COMMENTS
Monday 25th September 2017 06:40 GMT Anonymous Coward
Re: It's..
needs root/admin access to perform it
And that is very difficult to achieve, isn't it? :)
Asking Microsoft to be secure is like asking your local bakery to do your IT. Come to think of it, they may do a better job.
With admin access you could just add your own signature, of course, but I guess that's the one thing $corporate will watch by way of simple host intrusion detection.
Monday 25th September 2017 19:05 GMT Anonymous Coward
Re: It's..
Whilst with linux you don't even need admin access to be able to write to any file on the system. Just ask linux, he knew about the C.O.W. bug years ago, but couldn't be bothered to fix it.
It would be nice if you put at least *some* effort into trolling, we have standards here. Honestly, even for Microsoft marketing standards this was pathetic.
I give it a 0 out of 10, because of "asking linux".
Sunday 24th September 2017 15:32 GMT yoganmahew
Re: Bore off
Unless I'm mistaken (and I probably am, it is not my field), the attack vector is to get admin rights once (e.g. on install), and then build an identity that allows nefarious activities without asking again for admin rights. As everything asks for admin rights on install/update and everyone just clicks it (what else are you supposed to do?), admin rights are easily got at least once. As I say, YMMV...
Sunday 24th September 2017 22:57 GMT Adam 1
Re: Bore off
@yogan
"However, we're told, there’s also CryptSIPVerifyIndirectData, which can be abused to green-light malicious applications with a counterfeit signature. The only thing you need are some coding tools and, oh yeah, admin privileges on the target computer."
If you are not mistaken then Iain is.
Monday 25th September 2017 10:28 GMT phuzz
Re: Wow... an administrator can...
Windows security privileges can be quite fine grained, so it's possible a user might have enough privileges to perform this account, but not enough to install a certificate, or disable whitelisting, etc.
On the other hand 99% of Windows users have full admin rights because that was easier than working out exactly what each class of user should have access to and tailoring it accordingly, so your point still stands.
Monday 25th September 2017 07:45 GMT RyokuMas
Wow...
There's a way round Microsoft's app security process? I guess they're just copying Google again...