Security researchers have detailed a new variant of a dynamic link library (DLL) search order hijacking technique that could be used by threat actors to bypass security mechanisms and achieve execution of malicious code on systems running Microsoft Windows 10 and Windows 11.
The approach “leverages executables commonly found in the trusted WinSxS folder and exploits them via the classic DLL search order hijacking technique,” cybersecurity firm Security Joes said in a new report exclusively shared with The Hacker News.
In doing so, it allows adversaries to eliminate the need for elevated privileges when attempting to run nefarious code on a compromised machine as well as introduce potentially vulnerable binaries into the attack chain, as observed in the past.
Leave a reply