Update your Windows to defend against Complete Control attack


Windows users are once again susceptible to malware attacks.

The driver vulnerability has now escalated

As we already reported, earlier this month the cybersecurity firm Eclypsium revealed that drivers from most major hardware manufacturers contain a flaw that lets malware running with ordinary user privileges gain kernel privileges.


This means that such malware can gain direct access to firmware and hardware.

Now, the Complete Control attack that threatened BIOS vendors like Intel and NVIDIA affects all recent versions of Windows, including Windows 7, 8, 8.1, and Windows 10.

At the moment of the discovery, Microsoft stated that the threat is not a real danger for its OS and Windows Defender can stop any attack based on the flaw.

But the tech giant forgot to mention that only the latest Windows patches offer protection. So, Windows users who aren’t up to date are susceptible to attacks.

To combat that, Microsoft wants to use HVCI (Hypervisor-enforced Code Integrity) to blacklist the drivers that carry the vulnerability, but this won’t solve the problem for everyone.

HVCI is only supported on devices running 7th Gen Intel CPUs or newer. Users who cannot rely on HVCI therefore have to uninstall the affected drivers manually, or they remain susceptible to the flaw.


Hackers use NanoCore RAT to get access to your system

Now, attackers have found ways to exploit the vulnerability, and an updated version of the NanoCore Remote Access Trojan (RAT) is lurking around.

Fortunately, security researchers at LMNTRIX Labs have already dealt with it and shared how you can detect the RAT:

  • T1064 – Scripting: Scripting is commonly used by system administrators to perform routine tasks. Any anomalous execution of legitimate scripting programs, such as PowerShell or Wscript, can signal suspicious behaviour. Checking office files for macro code can also help identify scripting used by attackers. Office processes, such as winword.exe spawning instances of cmd.exe, or script applications like wscript.exe and powershell.exe, may indicate malicious activity.
  • T1060 – Registry Run Keys / Startup Folder: Monitoring the Registry for changes to Run keys that do not correlate with known software or patch cycles, and monitoring the Startup folder for additions or changes, can help detect malware. Suspicious programs executing at start-up may show up as outlier processes that have not been seen before when compared against historical data. Solutions like LMNTRIX Respond, which monitors these important locations and raises alerts for any suspicious change or addition, can help detect these behaviours.
  • T1193 – Spearphishing Attachment: Network Intrusion Detection systems, such as LMNTRIX Detect, can be used to detect spearphishing with malicious attachments in transit. In LMNTRIX Detect’s case, in-built detonation chambers can detect malicious attachments based on behaviour, rather than signatures. This is critical as signature-based detection often fails to protect against attackers that frequently change and update their payloads.
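As an added illustration (not code from LMNTRIX or from this article), here is a small Python check that applies the first two indicators above to constructed Sysmon-style process-creation and registry events: an Office process spawning a script host (T1064) and a Run-key write whose target is not in a baseline of known software (T1060). The event fields, baseline entries and file paths are assumptions made for the example.

```python
# Detection logic for the two host-based indicators described above: an Office
# process spawning a script host (T1064) and a Run-key write that does not match
# a baseline of known software (T1060). Events and paths below are constructed.
from dataclasses import dataclass

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}
RUN_KEYS = tuple(k.lower() for k in (
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"))

@dataclass
class Event:
    kind: str          # "process" (process creation) or "registry" (value set)
    image: str         # process image, or the data written to the Run value
    parent: str = ""   # parent image, for process events
    key: str = ""      # registry key path, for registry events

def basename(path: str) -> str:
    """Lower-cased file name from a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()

def office_spawns_script(ev: Event) -> bool:
    return (ev.kind == "process"
            and basename(ev.parent) in OFFICE_PARENTS
            and basename(ev.image) in SCRIPT_HOSTS)

def unexpected_run_key(ev: Event, baseline: set) -> bool:
    """Run-key write whose target binary is not in the known-software baseline."""
    return (ev.kind == "registry"
            and ev.key.lower().startswith(RUN_KEYS)
            and basename(ev.image) not in baseline)

def scan(events, baseline):
    alerts = []
    for ev in events:
        if office_spawns_script(ev):
            alerts.append(("T1064", f"{basename(ev.parent)} spawned {basename(ev.image)}"))
        elif unexpected_run_key(ev, baseline):
            alerts.append(("T1060", f"unknown Run entry -> {ev.image}"))
    return alerts

# Constructed sample baseline and events; user names and paths are made up.
BASELINE = {"onedrive.exe", "securityhealthsystray.exe"}
SAMPLE = [
    Event("process", r"C:\Windows\System32\cmd.exe",
          parent=r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"),
    Event("process", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
          parent=r"C:\Windows\explorer.exe"),
    Event("registry", r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe",
          key=r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"),
    Event("registry", r"C:\Users\alice\AppData\Roaming\update.exe",
          key=r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"),
]
```

Running `scan(SAMPLE, BASELINE)` flags the first and last events only; the PowerShell launched from Explorer and the baselined OneDrive Run entry pass as expected.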

Be sure to stay safe by updating all your drivers and your Windows to the latest available.

If you don’t know how to do that, we’ve prepared a guide that will help you update any outdated drivers.
