Comodo not vulnerable to this AppVerifier injection.
#1
I saw this on Comodo's Facebook page; I am posting it for all those who use Comodo or who would like to know about this:

Carlos Chaparro
Yesterday at 12:18pm
Hey Comodo, hurry up and fix this asap!
Comodo - Security https://forums.comodo.com/.../new-attack...microsofts...

Hello Guys,

No we are not vulnerable to this AppVerifier injection. Michael [from 
Cybellum] contacted us on this issue at our security response email, and we 
had a long discussion on the topic.

The claim was: Malware can use this registry key to inject arbitrary code into 
COMODO processes and hence disable the protection. DLL injection through 
AppVerifier registry keys has been around since Windows XP i.e. the last 10 
years, and CIS [Comodo Internet Security], by default, protects these keys 
against malicious modifications already. Check the attachment 
CIS_protected.png. In order for the attack to be successful, malware has to 
write to this registry key, and CIS already protects against this by default. 
There are actually hundreds of similar ways of injecting into other processes, 
and I am not sure other AVs are even aware of them.

Most of the disagreement comes from not understanding how CIS layered defense 
works and assuming CIS is like the classical antivirus products mentioned in 
the original article. Never mind protecting itself against such attacks, CIS 
protects EVERY other application against such attacks too.

For this attack to be successful, the malware author should be able to bypass 
CIS protection. CIS, by default, allows only whitelisted applications to 
modify such critical keys. Non-whitelisted applications will be either blocked 
or sandboxed, rendering the attack ineffective.

To his credit however, during our discussions with Michael [from Cybellum], 
another attack vector was disclosed to us. This can cause problems with 
default configuration so we will be addressing it with an update in April. We 
will be giving more details on it with the release.

Thanks
Carlos Chaparro: Thank you!
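An added audit script, not code from this post or from Comodo: it lists every Image File Execution Options entry that registers an Application Verifier provider (the VerifierDlls value, or the 0x100 bit of GlobalFlag), which is the documented AppVerifier hook that the reply above describes CIS as guarding, and reports where each named DLL resolves to and who signed it. It assumes Windows PowerShell 5.1 or later run as an administrator; the assumption that "this registry key" in the reply is the IFEO/VerifierDlls mechanism is mine.

```powershell
# Added audit example; not code from the forum post or from Comodo.
# Lists Image File Execution Options (IFEO) entries that register an
# Application Verifier provider, the hook the reply above says CIS guards.
# Assumes Windows PowerShell 5.1+ running as administrator.
$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)
$FLG_APPLICATION_VERIFIER = 0x100   # GlobalFlag bit that enables AppVerifier

# Verifier providers are loaded by bare file name from the system directory,
# so resolve each name there and report its Authenticode signer.
function Get-VerifierDllInfo([string]$Name, [bool]$Wow64) {
    $dir  = if ($Wow64) { "$env:SystemRoot\SysWOW64" } else { "$env:SystemRoot\System32" }
    $path = Join-Path $dir $Name
    if (-not (Test-Path $path)) { return "$Name (not present in $dir)" }
    $sig    = Get-AuthenticodeSignature -FilePath $path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'unsigned' }
    return "$path [$($sig.Status); $signer]"
}

function Get-AppVerifierHooks {
    foreach ($root in $ifeoRoots) {
        if (-not (Test-Path $root)) { continue }
        $wow64 = $root -like '*WOW6432Node*'
        Get-ChildItem -Path $root | ForEach-Object {
            $props = Get-ItemProperty -Path $_.PSPath
            # VerifierDlls is a REG_SZ of space-separated file names
            $dlls  = @($props.VerifierDlls -split '[ ,]+' | Where-Object { $_ })
            # GlobalFlag may be REG_DWORD or a REG_SZ such as "0x100"
            $flags = [int]($props.GlobalFlag -as [int])
            if ($dlls.Count -gt 0 -or ($flags -band $FLG_APPLICATION_VERIFIER)) {
                [pscustomobject]@{
                    Image      = $_.PSChildName
                    GlobalFlag = '0x{0:X}' -f $flags
                    Providers  = ($dlls | ForEach-Object { Get-VerifierDllInfo $_ $wow64 }) -join '; '
                    Key        = $_.Name
                }
            }
        }
    }
}

# Every hit deserves a look: a provider that is missing, unsigned, or not
# Microsoft-signed, registered against a security product's image, is the
# pattern the thread discusses.
Get-AppVerifierHooks | Format-List
```

Microsoft's own Application Verifier tool also writes these values when a developer enables it for an image, so a hit is a prompt to check the provider's signer and the key's ACL, not proof of compromise on its own.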


Messages In This Thread
Comodo not vulnerable to this AppVerifier injection. - by mrtrout - 03-24-2017 , 11:26 PM
