Design weaknesses in Microsoft’s Windows Smart App Control and SmartScreen features have been exploited by attackers since 2018.

Description

Security researchers have identified vulnerabilities in these security features [5], including issues with .lnk files in Smart App Control [5]. Threat actors can bypass the security checks with minimal user interaction and gain initial access without raising warnings, for example by getting apps signed with reputable certificates or by using techniques such as LNK Stomping. Attackers can also exploit Smart App Control by signing malware with a code-signing certificate [5], hijacking the reputations of script hosts [5], and injecting attacker-controlled binaries into the system [5]. Reputation tampering is possible [5], as certain changes to a file do not affect its reputation in Smart App Control [5]. Additionally, a Mark of the Web (MotW) vulnerability can be exploited via .lnk files [5], allowing attackers to manipulate the MotW flag and evade security checks [5].

These weaknesses have been exploited by malicious actors [7], as seen in the case of HotPage [7]. Security teams are advised to carefully scrutinize downloads and not rely solely on these native security features for protection [1] [4] [6].

Smart App Control is a cloud-based security feature in Windows 11 that aims to prevent the execution of malicious [4], untrusted [2] [3] [4], and potentially unwanted applications [4]. SmartScreen [1] [2] [3] [4] [5] [6] [7], introduced with Windows 10 [3] [4], determines whether a site or a downloaded application is potentially malicious [4].

Conclusion

These vulnerabilities have significant implications for the security of Windows systems. Security teams must be vigilant in monitoring and protecting against these exploits. It is crucial to implement additional security measures beyond Smart App Control and SmartScreen to enhance overall system security and protect against sophisticated attacks.

References

[1] https://vulners.com/thn/THN:5A909FBBA80E4D8AF5407B789A8F36F1
[2] https://news.backbox.org/2024/08/05/researchers-uncover-flaws-in-windows-smart-app-control-and-smartscreen/
[3] https://cyberdaily.co.uk/2024/08/05/researchers-uncover-flaws-in-home-windows-good-app-management-and-smartscreen/
[4] https://blog.ehcgroup.io/2024/08/05/16/44/51/17446/investigadores-descubren-fallas-en-windows-smart-app-control-y-smartscreen/noticias-de-seguridad/ehacking/
[5] https://borncity.com/win/2024/08/06/windows-smartscreen-and-smart-app-control-exploited-since-2018/
[6] https://pledgetimes.com/smart-app-control-windows-feature-flaw-discovered/
[7] https://thehackernews.com/2024/08/researchers-uncover-flaws-in-windows.html