A flaw has been discovered that allows programs to be launched without warning by bypassing 'Smart App Control' and 'SmartScreen' in Windows 10 and 11



Security firm Elastic Security Labs has discovered a design flaw in Windows' built-in security features 'Smart App Control' and 'SmartScreen' that allows programs to be launched without security warnings or pop-ups.

Dismantling Smart App Control — Elastic Security Labs

https://www.elastic.co/security-labs/dismantling-smart-app-control



Researchers Uncover Flaws in Windows Smart App Control and SmartScreen

https://thehackernews.com/2024/08/researchers-uncover-flaws-in-windows.html

Windows Smart App Control, SmartScreen bypass exploited since 2018
https://www.bleepingcomputer.com/news/microsoft/windows-smart-app-control-smartscreen-bypass-exploited-since-2018/

Smart App Control is a cloud-based security feature introduced in Windows 11 that blocks malicious, untrusted, and unsigned apps from running.

SmartScreen is a similar feature introduced in Windows 8 that will protect Windows from potentially malicious content if Smart App Control is not enabled.



Elastic Security Labs reported on August 6, 2024 that Smart App Control and SmartScreen have several design flaws that allow attackers to gain

initial access without security warnings or pop-ups. Initial access is the initial stage of unauthorized access to a target of a cyber attack.

According to the report, attackers are masquerading as companies to obtain Extended Validation (EV) certificates , which they then use to sign malware and circumvent Smart App Control.

Elastic Security Labs also points out that it is possible to bypass Smart App Control and SmartScreen through 'reputation hijacking,' which hijacks reputable apps, and a bug in the processing of LNK files , known as 'LNK stomping.'



Elastic Security Labs looked for evidence of these flaws being exploited on the malware testing site VirusTotal and found that the oldest reported exploit dates back to 2018, meaning that these security flaws have been exploited in the wild for six years.

Elastic Security Labs said, 'While reputation- based protection systems are a powerful layer of protection for blocking common malware, all security technologies have flaws that can be circumvented if you are careful to look for them. Security teams should carefully scrutinize downloads in their detection stacks and not rely solely on native OS security features for protection in this area.'

in Software,   Security, Posted by log1l_ks