Mac Developer: Hacking group “PLATINUM” used Windows’ own patching system against it | Ars Technica
In 2006, Alex Sotirov gave a presentation at Black Hat that briefly described how Windows' hotpatching worked in the context of a description of how third parties had offered some quick patches for Windows flaws while waiting for Microsoft's official fixes. A more thorough description was given by Alex Ionescu at SyScan 2013. Ionescu's talk wasn't just about how hotpatching was implemented, but described ways that attackers could use it to modify running systems to inject malware without having to write the malware to disk or inject DLLs, both of which are visible to anti-malware software and humans alike.
The joys of a monoculture. It's like a petri dish where microbes flourish.