If you use Windows, your computer may have been at risk for three years

Thousands of computers running Windows have been at risk of malware infection for almost three years because of an alleged flaw in Microsoft's driver protections, which would have stopped working correctly.

What Microsoft drivers are and what they are for

Drivers are the files the computer's operating system uses to communicate with external devices and hardware, among them printers, graphics cards, webcams and other peripherals.


To work, drivers need access to the core of the operating system, the computer's kernel, and each of them is required to be signed as safe, which indicates that the communication is protected.

If a driver that presents a valid digital certificate has a 'bug' or security flaw, cybercriminals can exploit it to access the system directly and control the victim's device.

Microsoft has put Windows users at risk for almost three years

This is the risk Windows users would have been exposed to: Microsoft, the developer of Windows, would not have adequately protected computers running this operating system against malicious drivers for almost three years.

What the flaw in the drivers is

According to a report by Ars Technica, Windows would have put its users at risk by not updating, through Windows Update, its blocklist, the list that records and controls new drivers to ensure they are safe and free of vulnerabilities.

To manage them, Microsoft uses Hypervisor-Protected Code Integrity (HVCI), which comes enabled by default on several Microsoft devices and protects the system against malicious drivers. However, this system would not have worked correctly over the last three years, so users would have been exposed to cyberattacks.

Specifically, Ars Technica cites the malicious software injection technique known as BYOVD, which makes it easier for cybercriminals to obtain administrative control of the system and bypass Windows kernel protections.


This 'malware' is characterized by not writing an 'exploit' from scratch to infect devices; instead, it lets hackers install third-party drivers with known vulnerabilities and directly access some of the most secure areas of the system.

To demonstrate this flaw in HVCI, the outlet turned to Will Dormann, senior vulnerability analyst at ANALYGENCE, who found that there were no problems loading a malicious driver (WinRing0) onto a device running Microsoft's security system, even though this driver was included in the driver blocklist.

Dormann then discovered that this 'blocklist' had not been updated since 2019 and that the attack surface reduction (ASR) features did not protect systems against fraudulent drivers either.

In this way, for almost three years, cybercriminals would have been able to load malicious drivers onto Windows systems despite the supposed full protection of those systems.
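For a defender, the practical question raised by this report is whether HVCI is actually running on a given machine and whether the local driver blocklist policy is stale. The PowerShell script below is an added example, not code from the article, from Microsoft or from Dormann. It reads the Device Guard WMI class (where a value of 2 in SecurityServicesRunning means HVCI is active), inspects the timestamp of the blocklist policy file, and lists any loaded driver whose name matches WinRing0, the driver named in the article. The policy path is an assumption about where Windows stores the vulnerable-driver blocklist; adjust it if your build differs.

```powershell
# Added example (not from the article): audit HVCI status and driver blocklist age.
# Run from an elevated PowerShell prompt on Windows 10/11.

function Get-DriverProtectionStatus {
    # 1. HVCI state from the Device Guard WMI class.
    #    SecurityServicesRunning contains 2 when HVCI (memory integrity) is active.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard'
    $hvciRunning = [bool]($dg.SecurityServicesRunning -contains 2)

    # 2. Age of the driver blocklist policy file.
    #    Assumption: the blocklist lives at this path on this build of Windows.
    $policyPath = Join-Path $env:SystemRoot 'System32\CodeIntegrity\driversipolicy.p7b'
    $policyWritten = $null
    $policyAgeDays = $null
    if (Test-Path $policyPath) {
        $policyWritten = (Get-Item $policyPath).LastWriteTime
        $policyAgeDays = [int]((Get-Date) - $policyWritten).TotalDays
    }

    # 3. Any loaded kernel driver whose name matches the one cited in the article.
    $suspectDrivers = Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.Name -match 'WinRing0' } |
        Select-Object Name, State, PathName

    [pscustomobject]@{
        HvciRunning     = $hvciRunning
        PolicyPath      = $policyPath
        PolicyWritten   = $policyWritten
        PolicyAgeDays   = $policyAgeDays
        SuspectDrivers  = $suspectDrivers
    }
}

$status = Get-DriverProtectionStatus
$status | Format-List

if (-not $status.HvciRunning) {
    Write-Warning 'HVCI is not running; the driver blocklist is not being enforced by the hypervisor.'
}
if ($null -eq $status.PolicyAgeDays) {
    Write-Warning "Blocklist policy file not found at $($status.PolicyPath)."
} elseif ($status.PolicyAgeDays -gt 365) {
    Write-Warning "Blocklist policy was last written $($status.PolicyAgeDays) days ago; it may be stale."
}
if ($status.SuspectDrivers) {
    Write-Warning 'A WinRing0 driver is loaded; review whether it is expected on this host.'
}
```

The file timestamp is only a rough signal: a reinstall can rewrite an old policy with a fresh date, so treat a recent LastWriteTime as necessary but not sufficient, and confirm the policy version against Microsoft's published blocklist when it matters.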


Microsoft admitted the flaw

As Ars Technica reports, a Microsoft project manager, Jeffrey Sutherland, responded to Dormann's Twitter posts and admitted that they had encountered problems in the update process for the blocked driver list.

"We are fixing the problems with our servicing process that has prevented devices from receiving updates to our policy," the manager added on the same social network.


He also shared a tool that allows Windows 10 users to apply the corresponding updates to the blocked driver list.

For now, Microsoft has not clarified what the cause of this failure in its HVCI protection system could be, nor has it referred to the number of users who would have been exposed to these attacks.
