Many standard items of antivirus software program comparable to Microsoft, SentinelOne, TrendMicro, Avast, and AVG could be exploited for his or her knowledge deletion capabilities, a prime cybersecurity researcher has claimed.

In a Proof-of-Idea doc (opens in new tab) dubbed “Aikido”, Or Yair, who works for cybersecurity agency SafeBreach, defined how the exploit works through what is called a time-of-check to time-of-use (TOCTOU) vulnerability.

Notably, in martial arts, Aikido refers to a Japanese model the place the practitioner seems to make use of the motion and drive of the opponent in opposition to himself.

How does it work?

The vulnerability can be utilized to facilitate a wide range of cyber-attacks often called “Wipers” in accordance with Yair, that are generally utilized in offensive struggle conditions.

In cybersecurity, a wiper is a category of malware geared toward erasing the arduous drive of the pc it infects, maliciously deleting knowledge and packages.

In response to the slide deck, the exploit redirects the “superpower” of endpoint detection software program to “delete any file regardless of the privileges”.

The whole course of outlined concerned making a malicious file in “C:tempWindowsSystem32driversndis.sys”.

That is adopted by holding its deal with and forcing the “AV/EDR to postpone the deletion till after the subsequent reboot”.

That is adopted by then deleting the “C:temp listing” and “making a junction in C:temp –> C:”, adopted by then rebooting the machine. 

Solely a few of the hottest antivirus manufacturers had been impacted, round 50% in accordance with Yair.

In response to a slide deck ready by the researcher, Microsoft Defender, Defender for Endpoint, SentinelOne EDR, TrendMicro Apex One, Avast Antivirus, and AVG Antivirus had been a few of these affected by the vulnerability. 

Fortunately for some, merchandise comparable to Palo Alto, XDR, Cylance, CrowdStrike, McAfee, and BitDefender had been unscathed. 

• Occupied with updating your cybersecurity instruments? Take a look at our information to one of the best malware removing instruments