Evading Windows 10 and 11 Protections: Uncovering a Fresh DLL Search Order Hijacking Variant - Velox Systems

A newly disclosed variant of the dynamic link library (DLL) search order hijacking technique poses a substantial threat to systems running Microsoft Windows 10 and Windows 11. Security researchers, notably Security Joes, described the approach, which abuses executables in the trusted WinSxS folder to sidestep security measures and lets threat actors execute malicious code more stealthily. Unlike conventional DLL search order hijacking, this method specifically targets files in the critical “C:\Windows\WinSxS” folder, which adds complexity and stealth to the attack.

CEO Ido Naor emphasizes the novelty of the discovery and urges organizations to take immediate precautions: scrutinize parent-child relationships between processes, with particular focus on trusted binaries, and monitor activity in the WinSxS folder to thwart potential exploits. The blog post linked below covers the new DLL search order hijacking variant in detail, including its implications, the vulnerabilities involved, and guidance on fortifying systems against this emerging threat.
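The two checks recommended above (parent-child relationships of trusted binaries, and activity involving the WinSxS folder) can be expressed as triage logic over endpoint telemetry. This is an added example, not code from Security Joes or the linked article. It assumes events shaped like Sysmon process-creation (ID 1) and image-load (ID 7) records; the allow-lists, the `triage` helper and the sample events are constructed for illustration.

```python
import ntpath

WINSXS = r"c:\windows\winsxs"
# Assumptions to tune per environment: where DLLs may legitimately load from,
# and which parents normally start WinSxS binaries (Windows servicing).
TRUSTED_DLL_ROOTS = (r"c:\windows\system32", r"c:\windows\syswow64", WINSXS)
EXPECTED_PARENTS = {"trustedinstaller.exe", "tiworker.exe", "services.exe", "svchost.exe"}

def under(path, root):
    """True if path lies inside root (case-insensitive, normalised Windows path)."""
    p = ntpath.normcase(ntpath.normpath(path))
    return p == root or p.startswith(root + "\\")

def triage(event):
    """Return the reasons an event involving a WinSxS binary deserves review."""
    reasons = []
    if not under(event.get("Image", ""), WINSXS):
        return reasons
    if event["EventID"] == 1:  # process creation: check parent and working directory
        parent = ntpath.basename(event.get("ParentImage", "")).lower()
        if parent not in EXPECTED_PARENTS:
            reasons.append("unexpected parent: " + parent)
        cwd = event.get("CurrentDirectory", "")
        if cwd and not under(cwd, r"c:\windows"):
            reasons.append("working directory outside C:\\Windows: " + cwd)
    elif event["EventID"] == 7:  # image load: check where the DLL came from
        dll = event.get("ImageLoaded", "")
        if not any(under(dll, root) for root in TRUSTED_DLL_ROOTS):
            reasons.append("DLL loaded from untrusted path: " + dll)
    return reasons

# Constructed sample events (placeholder component and file names).
EXE = r"C:\Windows\WinSxS\amd64_example-component_0000\example.exe"
EVENTS = [
    {"EventID": 1, "Image": EXE, "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CurrentDirectory": r"C:\Users\alice\Downloads"},
    {"EventID": 7, "Image": EXE, "ImageLoaded": r"C:\Users\alice\Downloads\example.dll"},
    {"EventID": 1, "Image": EXE, "ParentImage": r"C:\Windows\servicing\TrustedInstaller.exe",
     "CurrentDirectory": r"C:\Windows\System32"},
    {"EventID": 7, "Image": EXE, "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
]

if __name__ == "__main__":
    for ev in EVENTS:
        for reason in triage(ev):
            print(ev["EventID"], ev["Image"], "->", reason)
```

The first two sample events are flagged and the last two are not; in production the allow-lists need baselining against the environment's own servicing and update activity.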

 

https://thehackernews.com/2024/01/new-variant-of-dll-search-order.html