By Light Researcher Discovers Technique to Bypass Microsoft Application Tool
ARLINGTON, Va.--(BUSINESS WIRE)--Feb 1, 2019--A By Light Professional IT Services LLC security researcher, Jimmy Bayne, has determined a procedure for bypassing Microsoft Application Control solutions using the Component Object Model (COM). The technique uses an Extensible Stylesheet Language Transformation (XSLT) to execute unsigned code, bypassing Windows Defender Application Control (WDAC)/Device Guard, including PowerShell Constrained Language Mode (CLM). Microsoft issued a patch for this bypass vulnerability in October 2018 (CVE-2018-8492).
“With WDAC, the Windows attack surface is greatly reduced,” said Jimmy. “After discovering accessible COM object methods, I used a PowerShell snippet to test for unsigned code execution. The payload executed under the context of CLM and an enforced code integrity policy.”
The full post containing example screenshots can be found here: https://bohops.com/2019/01/10/com-xsl-transformation-bypassing-microsoft-application-control-solutions-cve-2018-8492/.
About By Light
By Light Professional IT Services LLC is an ISO 9001, 20000-1, and 27001 registered and CMMI Level 3 certified systems integrator that provides secure, turn-key systems by incorporating exceptional engineering, project management, telecommunications and cyber capabilities to safeguard mission success. Founded by industry professionals with extensive knowledge in the DoD and other US Government Agencies, By Light successfully implements technical solutions that integrate the best commercial practices to meet all government requirements. For more information, visit www.bylight.com.
View source version on businesswire.com: https://www.businesswire.com/news/home/20190201005420/en/
CONTACT: Katie Accame
SOURCE: By Light Professional IT Services LLC
Copyright Business Wire 2019.
PUB: 02/01/2019 12:46 PM/DISC: 02/01/2019 12:47 PM