There’s no shortage of clever code injections to keep IT admins awake at night. After all, hackers recently managed to use a simple SQL injection to steal the information of roughly 200,000 voters in the state of Illinois.
But cybersecurity researchers have never seen anything like “AtomBombing,” a threat that puts all versions of Windows at serious risk of malware infections.
Is There No Fix?
Every supported version of Windows up to this point uses a function called atom tables, which allow applications on the operating system to share data. According to ZDNet, researchers have learned that a malicious code injection into the atom table could prove disastrous. If a legitimate application is forced to retrieve the malicious code, there’s really nothing security software could do about it.
Typically, application control software works by blocking unauthorized executables that may contain malware. However, that executable can still run if it finds a way to manipulate an authorized application, and AtomBombing is exactly such a way. It tricks your trusted applications into running malware inside your IT environment.
The worst part of all is that because atom tables are a core component of how Windows functions, there’s no way to circumvent this threat. Once your atom tables have been overwritten with malicious code, malware can execute freely.
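One way a defender can at least watch the global atom table the article describes is to enumerate its entries and flag names that look nothing like the short, readable identifiers applications normally register. The following is an added example, not code from the article or from Faronics: the length and entropy thresholds, the sample atom names, and the idea that injected data looks different from ordinary atom names are all assumptions made for illustration. The enumeration uses the documented Windows API `GlobalGetAtomNameW`; the classification logic is pure Python and runs anywhere.

```python
import ctypes
import math
import string
import sys

# Global string atoms live in the range 0xC000-0xFFFF; lower values are integer atoms.
FIRST_STRING_ATOM = 0xC000
LAST_ATOM = 0xFFFF
MAX_ATOM_NAME = 255  # GlobalAddAtom limits a name to 255 characters

# Heuristic thresholds: assumptions chosen for this example, not taken from the article.
SUSPICIOUS_LENGTH = 64
SUSPICIOUS_ENTROPY = 4.0

# Characters we consider normal in an atom name (printable ASCII, minus odd whitespace).
PRINTABLE = set(string.printable) - set("\x0b\x0c")


def shannon_entropy(text):
    """Bits of entropy per character; short identifiers score low, opaque blobs score high."""
    if not text:
        return 0.0
    counts = {}
    for ch in text:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def classify_atom(name):
    """Return the list of reasons an atom name looks unlike an ordinary identifier (empty if none)."""
    reasons = []
    if len(name) >= SUSPICIOUS_LENGTH:
        reasons.append("long")
    if any(ch not in PRINTABLE for ch in name):
        reasons.append("non-printable")
    if shannon_entropy(name) >= SUSPICIOUS_ENTROPY:
        reasons.append("high-entropy")
    return reasons


def scan_atoms(entries):
    """entries: iterable of (atom_id, name). Returns [(atom_id, name, reasons)] for flagged names."""
    return [(a, n, r) for a, n in entries for r in [classify_atom(n)] if r]


def enumerate_global_atoms():
    """Windows only: walk the whole global atom table with GlobalGetAtomNameW."""
    if sys.platform != "win32":
        raise OSError("GlobalGetAtomNameW is only available on Windows")
    kernel32 = ctypes.WinDLL("kernel32", use_last_error=True)
    kernel32.GlobalGetAtomNameW.argtypes = [
        ctypes.c_uint16, ctypes.POINTER(ctypes.c_wchar), ctypes.c_int]
    kernel32.GlobalGetAtomNameW.restype = ctypes.c_uint
    buf = ctypes.create_unicode_buffer(MAX_ATOM_NAME + 1)
    for atom in range(FIRST_STRING_ATOM, LAST_ATOM + 1):
        n = kernel32.GlobalGetAtomNameW(atom, buf, len(buf))
        if n:  # zero means the atom is not in use
            yield atom, buf.value[:n]


# Constructed sample table so the scan can be exercised offline (not real captured data).
SAMPLE_ATOMS = [
    (0xC001, "MainWindowClass"),
    (0xC002, "Clipboard_Format_Private"),
    (0xC003, "data\x00\x01\x02"),                          # embedded control bytes
    (0xC004, "".join(chr(0x21 + i) for i in range(80))),   # long, opaque blob
]


def main():
    entries = list(enumerate_global_atoms()) if sys.platform == "win32" else SAMPLE_ATOMS
    for atom, name, reasons in scan_atoms(entries):
        print(f"atom 0x{atom:04X} flagged ({', '.join(reasons)}): {name!r}")


if __name__ == "__main__":
    main()
```

On a Windows host the script walks the live global atom table; elsewhere it runs the same heuristics over the constructed sample so the logic can be checked. Treat a hit as a prompt to investigate the process that registered the atom, not as proof of compromise: legitimate software does occasionally register unusual names.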
Be Careful and Be Ready to Restore
At the moment, there are no known threats in the wild that exploit this vulnerability. However, this is hardly a silver lining, especially given the prolific nature of ransomware and other cyberthreats that are introduced through clever social engineering schemes.
In the wake of the discovery of AtomBombing, a Microsoft spokesperson pointed out that “A user’s system must already be compromised before malware can utilize code-injection techniques.”
That provides two glimmers of hope for Windows admins. The first is that you reduce the chances that AtomBombing will ever be an issue through traditional best practices – i.e. being careful what links you open and what attachments you download.
The second is that with proper computer maintenance, the initial code injection needed to run malicious executables under your firewall’s radar won’t survive on a system long enough to cause damage. Specifically, restoring your systems on a regular basis to their preferred configurations will help maintain operational standards while effectively wiping away the nefarious code changes.
To that end, Faronics Deep Freeze provides an invaluable service. With its patented reboot-to-restore functionality, you only need to restart your computers at the end of the day. The next morning, any and all malicious code injections will have been erased from your atom tables.
Contact Faronics today to learn more.