'Aikido', a vulnerability that turns popular antivirus software from Microsoft, Avast and others into a tool that wipes PC data, has been discovered



It has turned out that major antivirus and endpoint detection and response (EDR) products such as Microsoft Defender, Avast, AVG and Trend Micro carry a zero-day vulnerability that abuses their ability to delete infected files.

SafeBreach Labs Discovers New Zero-Day Vulnerabilities | New Research
https://www.safebreach.com/resources/blog/safebreach-labs-researcher-discovers-multiple-zero-day-vulnerabilities/

For Cyberattackers, Popular EDR Tools Can Turn into Destructive Data Wipers
https://www.darkreading.com/vulnerabilities-threats/cyberattackers-popular-edr-tools-destructive-data-wipers

On December 7, 2022, the American cybersecurity company SafeBreach reported a proof of concept (PoC) for a stealthy attack that exploits the security software installed on the target system to delete data on the victim's device without privileges.



According to Or Yair, a security researcher at SafeBreach, the real-time protection of many antivirus products works in two stages: 'detect a malicious file by automatic scanning' and 'remove the malicious file'.

The attack relies on a class of bug called 'time of check to time of use (TOCTOU)', which abuses the gap between these two stages: after a malicious file has been detected, its path is made to point at a legitimate file before the removal stage runs, so the security software deletes that file instead. In this way Yair was able to delete even system files that would otherwise require privileged access.

This PoC, presented at the security conference Black Hat Europe 2022, is named 'Aikido Wiper' because it wipes data by turning the security software's own power against it.
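The defensive counterpart of the two-stage problem described above is to make the removal stage verify that the path still names the exact object the scan stage flagged. The following is an added example written for this article; it is not SafeBreach's PoC and not any vendor's code, and it says nothing about how the vendors actually patched. It assumes POSIX symlink semantics (Windows junctions are handled only via os.path.isjunction on Python 3.12+, which is an assumption) and uses constructed files in a temporary directory:

```python
import os
import stat
import tempfile
from dataclasses import dataclass


@dataclass(frozen=True)
class Detection:
    """What the scan stage should remember about a flagged file.

    Remembering only the path is what opens the TOCTOU window: the path can
    be redirected between detection and removal. So the resolved path and the
    file's device/inode identity are recorded as well.
    """
    path: str       # absolute path as seen at scan time
    real_path: str  # fully resolved path at scan time
    device: int     # st_dev at scan time
    inode: int      # st_ino at scan time


def record_detection(path: str) -> Detection:
    """Stage 1 (detect): called when the scanner flags a regular file."""
    st = os.lstat(path)
    if not stat.S_ISREG(st.st_mode):
        raise ValueError(f"{path!r} is not a regular file")
    return Detection(os.path.abspath(path), os.path.realpath(path),
                     st.st_dev, st.st_ino)


def _is_link(path: str) -> bool:
    # os.path.isjunction exists on Python 3.12+ (assumption about Windows
    # junction handling); on other versions/platforms only symlinks count.
    isjunction = getattr(os.path, "isjunction", lambda p: False)
    return os.path.islink(path) or isjunction(path)


def path_has_link_component(path: str) -> bool:
    """True if the file itself or any parent directory is a symlink/junction."""
    head = os.path.abspath(path)
    while True:
        if _is_link(head):
            return True
        head, tail = os.path.split(head)
        if not tail:  # reached the filesystem root
            return False


def safe_remove(det: Detection) -> str:
    """Stage 2 (remove): delete only if the path still names the detected object."""
    if path_has_link_component(det.path):
        return "refused: link in path"
    if os.path.realpath(det.path) != det.real_path:
        return "refused: path resolves elsewhere"
    try:
        st = os.lstat(det.path)
    except FileNotFoundError:
        return "refused: file gone"
    if not stat.S_ISREG(st.st_mode):
        return "refused: not a regular file"
    if (st.st_dev, st.st_ino) != (det.device, det.inode):
        return "refused: identity changed"
    os.remove(det.path)
    return "deleted"


def demo() -> dict:
    """Constructed scenarios in a temp dir; returns the outcome of each."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.realpath(tmp)  # temp dirs may themselves sit behind a symlink
        downloads = os.path.join(root, "downloads")
        os.mkdir(downloads)
        flagged = os.path.join(downloads, "dropper.bin")  # constructed "malicious" file
        protected = os.path.join(root, "important.sys")   # constructed file that must survive
        with open(protected, "w") as f:
            f.write("do not delete")

        # 1. Honest case: nothing changes between detect and remove.
        with open(flagged, "w") as f:
            f.write("marker")
        det = record_detection(flagged)
        results["legit"] = safe_remove(det)

        # 2. Path redirected after detection: the flagged name now links to
        #    the protected file. The guard must refuse, and the target survives.
        with open(flagged, "w") as f:
            f.write("marker")
        det = record_detection(flagged)
        os.remove(flagged)
        os.symlink(protected, flagged)
        results["redirected"] = safe_remove(det)
        results["protected_survives"] = os.path.exists(protected)
        os.remove(flagged)  # removes the link only

        # 3. File vanished before removal.
        with open(flagged, "w") as f:
            f.write("marker")
        det = record_detection(flagged)
        os.remove(flagged)
        results["gone"] = safe_remove(det)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

A small window still remains between the final lstat and os.remove; on platforms where os.supports_dir_fd includes os.unlink, it can be narrowed further by opening the parent directory and unlinking by name relative to that descriptor, so a directory swap higher up the path cannot redirect the final step. The important point for a product is the one the article makes: the decision to delete must be re-validated against the object's identity, not replayed against a path recorded earlier.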

When Yair tested 'Aikido Wiper' against major security software, it worked against 6 of 11 products, more than half. The affected products are the standard Windows security products Microsoft Windows Defender and Windows Defender for Endpoint, plus TrendMicro ApexOne, Avast Antivirus, AVG Antivirus, and SentinelOne.



Because Aikido Wiper abuses the functionality of the most trusted software on the system, the security software itself, the file deletion can be neither detected nor prevented. It can also delete important system files, including drivers, leaving the OS unable to boot.

Prior to the announcement, in July and August 2022, Yair reported the vulnerability to the vendors of the security products in which the issue was identified. As a result, three of the companies that received the report, Microsoft, Trend Micro, and Avast (AVG), created and released patches. However, a fix from SentinelOne has not yet been confirmed, and the vulnerability may also lurk in other vendors' security products that have not been tested.

'Organizations currently using EDR and antivirus products are strongly encouraged to discuss this vulnerability with their vendor and promptly install the vendor-provided software update or patch,' Yair said.

in Security, Posted by log1l_ks