Security News > 2020 > April > Microsoft Will Not Patch Security Bypass Flaw Abusing MSTSC
A DLL side-loading vulnerability related to the Microsoft Terminal Services Client can be exploited to bypass security controls, but Microsoft says it will not be releasing a patch due to exploitation requiring elevated privileges.
This allows an attacker who can replace the legitimate DLL to bypass security controls such as AppLocker, which is designed to help users control which apps and files can be run.
"The attacker attempts to execute the malicious shell, and security controls block the attempt," the company explained.
"The attacker copies mstsc.exe to an insecure directory, and places the malicious shell in place of mstscax.dll, and executes mstsc.exe. Due to mstsc.exe being a system binary, digitally signed by Microsoft, it is considered a trusted process by security controls. Mstsc.exe loads the malicious shell. At this point, malicious code is running under the context of mstsc.exe, efficiently bypassing security controls."
The company told SecurityWeek that, depending on the malicious code being executed, an attacker could potentially exploit the flaw to elevate privileges.
News URL
Related news
- Microsoft overhauls security for publishing Edge extensions (source)
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- New Mamba 2FA bypass service targets Microsoft 365 accounts (source)
- Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild (source)
- Microsoft cleans up hot mess of Patch Tuesday preview (source)
- Week in review: Microsoft fixes two exploited zero-days, SOC teams are losing trust in security tools (source)
- EDRSilencer red team tool used in attacks to bypass security (source)
- Hackers Abuse EDRSilencer Tool to Bypass Security and Hide Malicious Activity (source)
- Microsoft warns it lost some customer's security logs for a month (source)
- Microsoft lost some customers’ cloud security logs (source)