Windows 10’s Anti-Malware Scan Interface, also known as AMSI, can be bypassed: it stops scanning a file whenever it detects a null character, so malicious code included in the file goes undetected.
The flaw was discovered by security researcher Satoshi Tanda, who disclosed it in a February 16 blog post. Microsoft patched the flaw in its February security update, which is why Tanda published his piece breaking down all the details of this serious security flaw.
It isn’t known if this Windows 10 AMSI exploit has been used by actual attackers, but with it now being publicly known it’s sure to be attempted. With a patch already available for the problem, anyone who falls prey to it will be in the same boat as victims of other high-profile cyberattacks; that is, guilty of not installing essential Windows 10 security updates.
This flaw was patched in the last round of security updates. However, that doesn’t mean attackers won’t try to exploit it. WannaCry, Petya, and other widespread cyberattacks from 2017 relied on unpatched systems to propagate. Unpatched systems are, in fact, a big problem across all areas of security.
Be safe: Install the February Windows 10 security updates ASAP.
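A triage check a defender could run over collected script files, added here as an example and not taken from Tanda's post or from Microsoft: it flags scripts that contain a null character (U+0000) followed by further content, decoding UTF-16 first so the zero bytes of ordinary UTF-16 text are not mistaken for one. The function names, the BOM-less heuristic and the sample byte strings are assumptions constructed for illustration.

```python
import codecs
from typing import NamedTuple, Optional

_BOMS = [(codecs.BOM_UTF8, "utf-8"),
         (codecs.BOM_UTF16_LE, "utf-16-le"),
         (codecs.BOM_UTF16_BE, "utf-16-be")]

class NulFinding(NamedTuple):
    encoding: str        # encoding used to decode the file
    char_offset: int     # index of the first U+0000 in the decoded text
    trailing_chars: int  # non-whitespace, non-NUL characters after it

def guess_encoding(data: bytes) -> tuple:
    """Return (encoding, bytes_to_skip). The BOM-less guess is a heuristic."""
    for bom, enc in _BOMS:
        if data.startswith(bom):
            return enc, len(bom)
    if len(data) >= 4:
        even, odd = data[0::2], data[1::2]
        # BOM-less UTF-16 of mostly-ASCII text: one byte lane is almost all zero.
        if odd.count(0) >= 0.9 * len(odd) and even.count(0) < 0.5 * len(even):
            return "utf-16-le", 0
        if even.count(0) >= 0.9 * len(even) and odd.count(0) < 0.5 * len(odd):
            return "utf-16-be", 0
    return "utf-8", 0

def check_script(data: bytes) -> Optional[NulFinding]:
    """Report the first null character in a script, or None if there is none."""
    enc, skip = guess_encoding(data)
    text = data[skip:].decode(enc, errors="replace")
    pos = text.find("\x00")
    if pos == -1:
        return None
    trailing = sum(1 for c in text[pos + 1:] if c != "\x00" and not c.isspace())
    return NulFinding(enc, pos, trailing)

# Constructed samples (benign commands only).
CLEAN_UTF16 = codecs.BOM_UTF16_LE + "Write-Output 'hello'".encode("utf-16-le")
NUL_UTF8 = b"Write-Output 'a'\x00Write-Output 'b'"
NUL_UTF16 = "Write-Output 'a'\x00Write-Output 'b'".encode("utf-16-le")
PADDED = b"echo hi\x00\x00"

if __name__ == "__main__":
    for name, blob in [("clean", CLEAN_UTF16), ("nul-utf8", NUL_UTF8),
                       ("nul-utf16", NUL_UTF16), ("padded", PADDED)]:
        hit = check_script(blob)
        verdict = "REVIEW" if hit and hit.trailing_chars else "ok"
        print(f"{name:10} {verdict:6} {hit}")
```

A finding with `trailing_chars` of zero is only trailing padding; a non-zero value means script text sits after the null character and the file deserves a manual look.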
Pedro Tavares is a professional in the field of information security working as an Ethical Hacker/Pentester, Malware Researcher and also a Security Evangelist. He is also a founding member at CSIRT.UBI and Editor-in-Chief of the security computer blog seguranca-informatica.pt.
In recent years he has invested in the field of information security, exploring and analyzing a wide range of topics, such as pentesting (Kali Linux), malware, exploitation, hacking, IoT and security in Active Directory networks. He is also a freelance writer (Infosec. Resources Institute and Cyber Defense Magazine) and the developer of 0xSI_f33d, a feed that compiles phishing and malware campaigns targeting Portuguese citizens.