Thursday , June 5 2025
flow

SafeBreach security research
Experts Uncover Windows Flaws Granting Hackers Rootkit-Like Powers

According to a new research bad actors could exploit the DOS-to-NT path conversion process to hide and impersonate files, directories, and processes, gaining rootkit-like capabilities.

“When a user executes a function that has a path argument in Windows, the DOS path at which the file or folder exists is converted to an NT path,” SafeBreach security researcher Or Yair said in an analysis, which was presented at the Black Hat Asia conference last week.

CVSS 9.6: IBM QRadar & Cloud Pak Security Flaws Exposed

IBM has issued a security advisory for vulnerabilities in its QRadar Suite Software and Cloud Pak for Security platforms. These...
Read More
CVSS 9.6: IBM QRadar & Cloud Pak Security Flaws Exposed

ALERT
Thousands of IP addresses compromised nationwide: CIRT warn

As Bangladesh prepares for the extended Eid-ul-Adha holidays, the BGD e-GOV Computer Incident Response Team (CIRT) has issued an urgent...
Read More
ALERT  Thousands of IP addresses compromised nationwide: CIRT warn

New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries

In March 2025, the Threatfabric mobile Threat Intelligence team identified Crocodilus, a new Android banking Trojan designed for device takeover....
Read More
New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries

Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks

Qualcomm has issued security patches for three zero-day vulnerabilities in the Adreno GPU driver, affecting many chipsets that are being...
Read More
Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks

Critical RCE Flaw Patched in Roundcube Webmail

Roundcube Webmail has fixed a critical security flaw that could enable remote code execution after authentication. Disclosed by security researcher...
Read More
Critical RCE Flaw Patched in Roundcube Webmail

Hacker claim Leak of Deloitte Source Code & GitHub Credentials

A hacker known as "303" claim to breach the company's systems and leaked sensitive internal data on a dark web...
Read More
Hacker claim Leak of Deloitte Source Code & GitHub Credentials

CISA Issued Guidance for SIEM and SOAR Implementation

CISA and ACSC issued new guidance this week on how to procure, implement, and maintain SIEM and SOAR platforms. SIEM...
Read More
CISA Issued Guidance for SIEM and SOAR Implementation

Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora

The Qualys Threat Research Unit (TRU) found two local information-disclosure vulnerabilities in Apport and systemd-coredump. Both issues are race-condition vulnerabilities....
Read More
Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora

Australia enacts mandatory ransomware payment reporting

New ransomware payment reporting rules take effect in Australia yesterday (May 30) for all organisations with an annual turnover of...
Read More
Australia enacts mandatory ransomware payment reporting

Why Govt Demands Foreign CCTV Firms to Submit Source Code?

Global makers of surveillance gear have clashed with Indian regulators in recent weeks over contentious new security rules that require...
Read More
Why Govt Demands Foreign CCTV Firms to Submit Source Code?

“During this conversion process, a known issue exists in which the function removes trailing dots from any path element and any trailing spaces from the last path element. This action is completed by most user-space APIs in Windows.”

The hackernews reported these so-called MagicDot paths allow for rootkit-like functionality that’s accessible to any unprivileged user, who could then weaponize them to carry out a series of malicious actions without having admin permissions and remain undetected.

They include the ability to “hide files and processes, hide files in archives, affect prefetch file analysis, make Task Manager and Process Explorer users think a malware file was a verified executable published by Microsoft, disable Process Explorer with a denial of service (DoS) vulnerability, and more.”

The discovery of four security shortcomings, three of which have since been addressed by Microsoft –

  • An elevation of privilege (EoP) deletion vulnerability to delete files without sufficient privileges (to be fixed in a future release)
  • An elevation of privilege (EoP) write vulnerability that allows unauthorized writing into files during the restoration process of a previous version (CVE-2023-32054, CVSS score: 7.3)
  • A vulnerability that allows for remote code execution (RCE) by extracting a specially crafted archive (CVE-2023-36396, CVSS score: 7.8)
  • A denial-of-service (DoS) vulnerability impacting Process Explorer when launching a lengthy executable name without a file extension

“This research is the first of its kind to explore how known issues that appear to be harmless can be exploited to develop vulnerabilities and, ultimately, pose a significant security risk,” Yair explained.

Rootkit-Like Powers: 

“We believe the implications are relevant not only to Microsoft Windows, which is the world’s most widely used desktop OS, but also to all software vendors, most of whom also allow known issues to persist from version to version of their software.”

Source: SafeBreach, Thehackernews

Check Also

ASUS routers

CVE-2023-39780
Botnet hacks thousands of ASUS routers

GreyNoise has discovered a campaign where attackers have gained unauthorized access to thousands of internet-exposed …

Leave a Reply

Your email address will not be published. Required fields are marked *