Skip to main content

Want to beat Microsoft's Windows security defenses? Poke some 32-bit software

posted onNovember 4, 2015
by l33tdawg

Two chaps claim to have discovered how to trivially circumvent Microsoft's Enhanced Mitigation Experience Toolkit (EMET) using Redmond's own compatibility tools.

A report [PDF] by the duo at Duo Security describes how the Windows on Windows (WoW64) environment can be abused to bypass builtin security tools.

WoW64 allows 32-bit applications to run on 64-bit Windows installations. At its core, it works by trapping system calls made by code running in 32-bit mode, and jumping to 64-bit long mode before letting Windows handle the call. By taking advantage of the mode changes, we're told, it is possible to smuggle malicious code past EMET's barriers, which ordinarily do a good job of blocking vulnerability exploits.

Source

Tags

Microsoft Windows Security

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th