Researchers discover flaws in Windows Smart App Control and SmartScreen

August 5, 2024 | Ravi Lakshmanan | Threat Intelligence / Vulnerability

Cybersecurity researchers have discovered design flaws in Microsoft’s Windows Smart App Control and SmartScreen that could allow threat actors to gain initial access to targeted environments without any warning.

Smart App Control (SAC) is a cloud-based security feature that Microsoft introduced in Windows 11 to block malicious, untrusted and potentially unwanted applications from running on the system. When the cloud service cannot make a confident prediction about an application, SAC falls back to checking whether the file carries a valid digital signature before allowing it to execute.

SmartScreen, which shipped with Windows 10, is a related feature that determines whether a website or a downloaded app is potentially malicious, using the same reputation-based approach for both URLs and applications.

“Microsoft Defender SmartScreen evaluates website URLs to determine if they are known to distribute or host dangerous content,” Microsoft notes in its documentation.


“It also provides reputation checks for applications, checks for downloaded programs, and the digital signature used to sign a file. If a URL, file, program, or certificate has a reputation set, users don’t see any warnings. If there is no reputation, the item is marked as higher risk and presents a warning to the user.”

It’s also worth noting that when SAC is enabled, it replaces and disables Defender SmartScreen, so a bypass of SAC on such a system leaves no second reputation check behind it.

“Smart App Control and SmartScreen have a number of fundamental design flaws that can allow initial access without security alerts and minimal user interaction,” Elastic Security Labs said in a report shared with The Hacker News.

One of the simplest ways to bypass these protections is to sign the malicious program with a legitimate Extended Validation (EV) code-signing certificate, a method attackers already use to distribute malware, as recently seen in the case of HotPage.


Some of the other methods that can be used to evade detection are listed below:

  • Reputation hijacking, which involves identifying programs that already have a good reputation and repurposing them to run attacker-controlled code (e.g., JamPlus or a known AutoHotkey interpreter), so the reputation check is passed by the legitimate host rather than by the payload
  • Reputation seeding, which involves deploying a seemingly innocuous attacker-controlled binary that builds up a good reputation and only later triggers malicious behaviour, either through a vulnerability in the application or after a set amount of time has passed
  • Reputation tampering, which involves modifying specific sections of a legitimate, already-trusted binary (such as the calculator) to inject shellcode without the file losing its overall reputation
  • LNK stomping, which involves exploiting a flaw in the way Windows handles shortcut (LNK) files to strip the Mark-of-the-Web (MotW) tag, and thereby bypass SAC, since SAC only applies its blocking to files that carry the tag

“This includes creating LNK files that have non-standard target paths or internal structures,” the researchers said. “When clicked, these LNK files are modified by explorer.exe with canonical formatting. This modification causes the MotW tag to be removed before the security check is performed.”
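The shortcut structure that explorer.exe rewrites is the Shell Link binary format (MS-SHLLINK). As an added example that is not part of the original article or of Elastic's research, the following Python script parses that format far enough to recover the shortcut's target paths and flags two shapes of non-canonical target that explorer.exe would have to normalise: a target path ending in a trailing dot or space, and a shortcut that carries only a relative target string with no absolute LinkInfo path or ID list. Which non-standard forms to flag is this example's own assumption; the page only says "non-standard target paths or internal structures". The `build_lnk` helper is included solely to construct sample shortcuts inline so the script runs offline; it is not a real-world sample.

```python
"""Parse a Windows Shell Link (.lnk, MS-SHLLINK) far enough to extract the
target paths, and flag non-canonical targets of the kind LNK stomping relies on.
Added example; the anomaly rules below are this script's own assumptions."""
import struct

LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # 00021401-...-46, little-endian
HAS_ID_LIST, HAS_LINK_INFO, HAS_NAME = 0x01, 0x02, 0x04
HAS_RELATIVE_PATH, HAS_WORKING_DIR, HAS_ARGUMENTS, HAS_ICON, IS_UNICODE = 0x08, 0x10, 0x20, 0x40, 0x80


def build_lnk(local_base_path=None, relative_path="", arguments=""):
    """Construct a minimal .lnk: 76-byte header, optional LinkInfo with a local
    base path, optional StringData. Sample input for this example only."""
    flags = IS_UNICODE
    flags |= HAS_LINK_INFO if local_base_path else 0
    flags |= HAS_RELATIVE_PATH if relative_path else 0
    flags |= HAS_ARGUMENTS if arguments else 0
    header = struct.pack("<I16sIIqqqIIIHHII", 0x4C, LINK_CLSID, flags, 0x20,
                         0, 0, 0, 0, 0, 1, 0, 0, 0, 0)  # ShowCommand=1 (SW_SHOWNORMAL)
    body = b""
    if local_base_path:
        base = local_base_path.encode("ascii") + b"\x00"
        volume_id = struct.pack("<IIII", 0x11, 3, 0, 0x10) + b"\x00"  # DRIVE_FIXED, empty label
        vol_off = 0x1C                       # LinkInfo header is seven DWORDs
        base_off = vol_off + len(volume_id)
        suffix_off = base_off + len(base)
        body += struct.pack("<7I", suffix_off + 1, 0x1C, 1, vol_off, base_off, 0, suffix_off)
        body += volume_id + base + b"\x00"   # empty CommonPathSuffix
    for s in (relative_path, arguments):     # StringData order: RELATIVE_PATH then ARGUMENTS
        if s:
            body += struct.pack("<H", len(s)) + s.encode("utf-16-le")
    return header + body


def parse_lnk(data):
    """Return the fields relevant to target resolution from a shell link."""
    if len(data) < 0x4C or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LINK_CLSID:
        raise ValueError("not a shell link")
    flags = struct.unpack_from("<I", data, 20)[0]
    info = {"flags": flags, "has_id_list": bool(flags & HAS_ID_LIST), "local_base_path": None}
    pos = 0x4C
    if flags & HAS_ID_LIST:                  # IDListSize (2 bytes) followed by the ID list
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:
        size, _hdr, li_flags, _vol, base_off, _cnrl, _suffix = struct.unpack_from("<7I", data, pos)
        if li_flags & 0x1:                   # VolumeIDAndLocalBasePath present
            start = pos + base_off           # offsets are relative to the LinkInfo start
            info["local_base_path"] = data[start:data.index(b"\x00", start)].decode("ascii", "replace")
        pos += size

    def read_string():
        nonlocal pos
        n = struct.unpack_from("<H", data, pos)[0]
        pos += 2
        width = 2 if flags & IS_UNICODE else 1
        raw = data[pos:pos + n * width]
        pos += n * width
        return raw.decode("utf-16-le") if width == 2 else raw.decode("cp1252", "replace")

    for bit, key in ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                     (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                     (HAS_ICON, "icon_location")):
        info[key] = read_string() if flags & bit else None
    return info


def lnk_anomalies(data):
    """Reasons a shortcut looks like an LNK stomping candidate (assumed rules)."""
    info = parse_lnk(data)
    reasons = []
    for key in ("local_base_path", "relative_path"):
        p = info.get(key)
        if p and p != p.rstrip(". "):        # explorer.exe would canonicalise this away
            reasons.append(f"{key} has trailing dot/space: {p!r}")
    if info["relative_path"] and not info["has_id_list"] and not info["local_base_path"]:
        reasons.append(f"relative-only target with no absolute path: {info['relative_path']!r}")
    return reasons


if __name__ == "__main__":
    for sample in (build_lnk("C:\\Windows\\System32\\calc.exe"),
                   build_lnk("C:\\Windows\\System32\\powershell.exe.", arguments="-enc AAAA"),
                   build_lnk(relative_path=".\\payload.exe")):
        print(lnk_anomalies(sample) or "canonical")
```

The parser stops at StringData and ignores ExtraData blocks, which is enough for these two checks; a production detector would also compare the pre- and post-click copies of the file, since the tell-tale sign described above is explorer.exe rewriting the shortcut and the Zone.Identifier stream disappearing with it.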


“Reputation-based protection systems are a powerful layer to block commercial malware,” the company said. “However, as with any method of protection, they have weaknesses that can be circumvented with some care. Security teams should carefully examine downloads in their detection stack and not rely solely on the OS’s own security features to protect in this area.”
