New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections

01-Jan-23

Researchers studying security have discovered a novel form of dynamic link library (DLL) search order hijacking that threat actors might employ to get around security measures and execute malicious code on Microsoft Windows 10 and Windows 11 platforms. The cybersecurity company Security Joes stated in a new study that was privately shared with The Hacker News that the strategy “leverages executables commonly found in the trusted WinSxS folder and exploits them via the classic DLL search order hijacking technique.”



By doing this, adversaries can, as has been seen in the past, insert potentially vulnerable binaries into the attack chain and do away with the requirement for elevated privileges when trying to run malicious code on a compromised system.

Read More…