Researchers with SafeBreach have discovered flaws in the Windows DOS-to-NT path conversion process that can be exploited by hackers to gain rootkit-like capabilities, allowing them to conceal and impersonate files, directories, and processes.
The Breakdown
The DOS-to-NT path conversion process in Windows can be exploited to achieve rootkit-like functionality.
These vulnerabilities, known as MagicDot paths, enable unprivileged users to carry out malicious actions without admin permissions and remain undetected.
The flaws have led to the discovery of four security vulnerabilities, three of which have been reportedly addressed by Microsoft.
The research highlights how seemingly harmless issues can be exploited to create vulnerabilities and pose a significant security risk.
The identified vulnerabilities in the Windows DOS-to-NT path conversion process can grant hackers rootkit-like powers, enabling them to hide files and processes, affect file analysis, and impersonate Microsoft files.
Microsoft has addressed three of the four security vulnerabilities, but one is yet to be fixed in a future release.