Windows Zero-day Exploit Allows Hackers to Take Over any Installed Application

When computer operating systems start to turn on their users, things are not looking good by any means. A new zero-day attack that affects the Windows operating system will turn installed antivirus solutions into a legitimate malware threat. Antivirus vendors are not too concerned about this situation right now, even though it is still a troublesome development.

Compromising Antivirus Solutions is The Latest Hacker Trick

The DoubleAgent attack is a new zero-day attack vector targeting Windows operating system users all over the world. It appears DoubleAgent takes advantage of a legitimate Windows tool, which makes the whole ordeal quite worrisome. Cyber criminals can take advantage of the Microsoft Application Verifier tool and turn installed antivirus solutions into a malware threat.

To be more specific, DoubleAgent takes advantage of an undocumented feature in the Microsoft Application Verifier. It appears this feature has been around ever since Windows XP came around. This feature allows developers to conduct runtime verification of their applications so they can address software issues. This same “tool” is now used to replace the legitimate verifier with a rogue version that gives assailants complete control over the application.

So far, it appears no vendor is safe from this zero-day exploit. Popular and lesser-known vendors are all vulnerable to criminals taking advantage of the Microsoft Application Verifier. To be more specific, the exploit gives assailants a relatively easy option to snoop on computer user activity, stealing data from the system, and even spreading to their devices connected to the same network.

Moreover, the assailants would be able to control the installed antivirus solution without being detected. To the end user, it will appear the antivirus program is operating just fine, even though that is not the case. This issue is not exactly new either, as all affected vendors were notified about this problem over three months ago. For some reason, very few vendors issued a patch to address this problem, which means computers around the world are still vulnerable to this attack.

Although it appears this thread mostly pertains to hijacking antivirus solutions right now, there is no limit as to what criminals can do. In fact, they can use this exploit to gain control over any other application installed on the computer. All an assailant has to do is execute the exploit with the requested application name and the attack will occur automatically. This leaves computers wide open to many different types of hijacking, that much is certain.

Antivirus vendors are not overly concerned about this zero-day exploit right now, though.  In fact, doing real harm would require assailants to write directly to the Windows registry, which can only be done by someone with Administrator privileges. It is not unlikely an attacker could obtain these credentials, even though it somewhat reduces the threat level. That being said, this exploit should not be overlooked by any means, as it still puts Windows users at risk.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.