Microsoft tool exploit DoubleAgent can turn antivirus software into your worst enemy

Researchers from Israeli zero-day security firm Cybellum have discovered a 15-year-old code injection vulnerability and exploit technique that could allow attackers to maliciously take over antivirus programs and other software by abusing Microsoft’s Windows Application Verifier debugging tool.

The zero-day exploit, dubbed DoubleAgent, only works if the attacked computer has already been previously compromised. Still, the technique can seriously escalate the severity of a previous breach, Cybellum claims, allowing an adversary to further elevate privileges and perform virtually any attack imaginable. Moreover, DoubleAgent continues injecting code even after reboot, allowing actors to establish silent persistence on a machine.

Complete article on scmagazine.com

Leave a Reply

Your email address will not be published. Required fields are marked *