Update your Windows to defend against Complete Control attack

by Vlad Turiceanu
Windows users susceptible to malware attack

Windows users are once again susceptible to malware attacks.

The driver vulnerability has now escalated

As we already reported, earlier this month the cybersecurity firm Eclypsium revealed that drivers from most hardware manufacturers have a flaw that allows malware running at the user level to gain kernel privileges.


This means that it can gain direct access to firmware and hardware.

Now, the Complete Control attack that threatened BIOS vendors like Intel and NVIDIA affects all newer versions of Windows including 7, 8, 8.1, and Windows 10.

At the time of the discovery, Microsoft stated that the threat is not a real danger for its OS and that Windows Defender can stop any attack based on the flaw.

But the tech giant forgot to mention that only the latest Windows patches offer protection. So, Windows users who aren’t up to date are susceptible to attacks.

To combat that, Microsoft wants to blacklist any drivers that present the vulnerability through HVCI (Hypervisor-enforced Code Integrity), but this won’t solve the problem for everyone.

HVCI is only supported on devices running 7th Gen Intel CPUs or newer. Again, users who have older drivers have to uninstall the affected drivers manually or they are susceptible to the fault.


Hackers use NanoCore RAT to get access to your system

Now, attackers have found ways to exploit the vulnerability, and an updated version of a Remote Access Trojan (RAT) called NanoCore RAT is in circulation.

Fortunately, security researchers at LMNTRIX Labs have already dealt with it and shared how you can detect the RAT:

  • T1064 – Scripting: Scripting is commonly used by system administrators to perform routine tasks. Any anomalous execution of legitimate scripting programs, such as PowerShell or Wscript, can signal suspicious behaviour. Checking office files for macro code can also help identify scripting used by attackers. Office processes, such as winword.exe spawning instances of cmd.exe, or script applications like wscript.exe and powershell.exe, may indicate malicious activity.
  • T1060 – Registry Run Keys / Startup Folder: Monitoring Registry for changes to run keys that do not correlate with known software or patch cycles, and monitoring the start folder for additions or changes, can help detect malware. Suspicious programs executing at start-up may show up as outlier processes that have not been seen before when compared against historical data. Solutions like LMNTRIX Respond, which monitors these important locations and raises alerts for any suspicious change or addition, can help detect these behaviours.
  • T1193 – Spearphishing Attachment: Network Intrusion Detection systems, such as LMNTRIX Detect, can be used to detect spearphishing with malicious attachments in transit. In LMNTRIX Detect’s case, in-built detonation chambers can detect malicious attachments based on behaviour, rather than signatures. This is critical as signature-based detection often fails to protect against attackers that frequently change and update their payloads.
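As an added illustration of the first two detections in the list above (not code from LMNTRIX or from this article), the following Python example checks process-creation and registry events for an Office parent spawning a script host and for Run-key values that are missing from a known-good baseline. The event field names, the process names beyond those in the list, and all sample events are assumptions constructed for the example.

```python
"""Flag two behaviours from the list above in endpoint telemetry.

Added example: event field names and all sample events are constructed.
"""
# The article names winword.exe, cmd.exe, wscript.exe and powershell.exe;
# the other process names are assumptions added for the example.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}
RUN_KEY_SUFFIXES = (r"\currentversion\run", r"\currentversion\runonce")


def exe_name(path):
    """Return the lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def detect(events, run_baseline):
    """Return (technique, detail) alerts; run_baseline is a set of known (name, data)."""
    alerts = []
    for ev in events:
        if ev["type"] == "process_create":
            parent, child = exe_name(ev["parent"]), exe_name(ev["image"])
            if parent in OFFICE_PARENTS and child in SCRIPT_HOSTS:
                alerts.append(("T1064", f"{parent} spawned {child}"))
        elif ev["type"] == "registry_set":
            is_run_key = ev["key"].lower().endswith(RUN_KEY_SUFFIXES)
            if is_run_key and (ev["name"], ev["data"]) not in run_baseline:
                alerts.append(("T1060", f"new Run value {ev['name']} -> {ev['data']}"))
    return alerts


RUN = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
ONEDRIVE = r"C:\Program Files\Microsoft OneDrive\OneDrive.exe /background"
BASELINE = {("OneDrive", ONEDRIVE)}  # known-good autostart entries (constructed)
SAMPLE_EVENTS = [  # constructed events, not taken from any real incident
    {"type": "process_create", "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"type": "process_create", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe"},
    {"type": "registry_set", "key": RUN, "name": "OneDrive", "data": ONEDRIVE},
    {"type": "registry_set", "key": RUN, "name": "Updater",
     "data": r"C:\Users\Public\placeholder.exe"},
]

if __name__ == "__main__":
    for technique, detail in detect(SAMPLE_EVENTS, BASELINE):
        print(technique, detail)
```

The baseline comparison is what keeps the Run-key check quiet for software that is expected to start at logon, so it has to be rebuilt after legitimate installs and patch cycles.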

Be sure to stay safe by updating all your drivers and your Windows to the latest available.


