Code Hooking Is The Hidden Devil Behind Vulnerable Security Software

The Very Softwares That Keep You Safe Could Be Vulnerable…

Researchers from the data exfiltration company enSilo found 6 common security issues that affect more than 15 products and 3 different hooking engines including the most famous commercial hooking engine in the world, Microsoft Detours. These issues stem from incorrect implementations of code hooking and injections techniques according to their blog post on July 19.

“It all started back in 2015 when we noticed injection issue in AVG but this was only the tip of the iceberg. A few months after that we noticed similar issues in McAfee and Kaspersky Anti-Virus. At that point we decided to extend our research and look into the security implications of hooking engines and injection techniques. The results were depressing.” — enSilo researchers

Who all are hit?

This problem not only affects security softwares like popular Anti-Virus softwares but also other common softwares like Microsoft Office which leaves millions of devices vulnerable. Data Leak Prevention (DLP), Anti-Exploitation, Host Intrusion Prevention Systems (HIPS), virtualization applications, performance monitoring softwares and more are also under the radar of this vulnerability.

Some of the vendors affected are listed below:

• Microsoft’s hooking engine, Detours. Quoting Microsoft.com: “Under commercial release for over 10 years, Detours is licensed by over 100 ISVs [independent software vendors] and used within nearly every product team at Microsoft.”
• AVG
• Kaspersky
• McAfee
• Symantec
• BitDefender
• Citrix XenDesktop
• WebRoot
• AVAST
• Emsisoft
• Vera

Some of the vendors have patched their software quickly when notified in the past few months but others still need to act upon this.

How bad is it?

Most of these vulnerabilities allow hackers to bypass operating system and third-party exploit mitigation systems. This makes the work of the attacker quite easy which would be unlikely or even impossible to exploit normally .

It is unclear exactly how long have these vulnerabilities existed but the issue in Microsoft Detours existed for at least 8 years which is now scheduled for patching in August.

Security Or Insecurity

Softwares meant to provide security to users have time and again been proved vulnerable in the recent past. Last month, flaws were discovered in Symantec security products by Google’s Project Zero team. Also Kaspersky products were found vulnerable in other research.

FireEye’s security product was apparently hacked by Los Angeles-based researcher Kristian Erik Hermansen, who revealed on Twitter that he had found ‘at least four’ security flaws in the company’s core product.

All this leads to a doubt in a common user’s mind who expects these softwares to provide them security. Hope these software vendors become more serious about the security of their own products.

Stay tuned for latest updates!