Hundreds of security products may not be up the job, researchers say, thanks to flawed uses of code hooking.
The research is the handiwork of EnSilo duo Udi Yavo and Tommer Bitton, who disclosed the bugs in anti-virus and windows security tools ahead of their presentation at the Black Hat Las Vegas conference next month.The pair say 15 products including AVG, Symantec, and McAfee are affected . Scores more may be vulnerable thanks to their use of Microsoft's Detours , code Redmond says is used for "re-routing Win32 APIs underneath applications [and] is licensed by over 100 ISVs and used within nearly every product team at Microsoft."
The researchers did not specify if Microsoft’s enhanced mitigation experience toolkit (EMET) is affected.
Attackers would already need access to a system to reap the benefits of the vulnerabilities and neuter the security platforms running on the target system.
“We found six different common security issues that stem from incorrect implementation of code hooking and injections techniques,” the pair say.
“These issues were found in more than 15 different products.
“Practically, it means that thousands of products are affected.”
Microsoft is brewing a patch for Detours due to drop next month which will help to address matters.
The pair examined intrusive user-mode hooks common across end point security products and man-in-the-middle malware alike, namely the Duqu trojan, making the “depressing” finding that many are vulnerable to exploitation.
Patching will be a slow process of recompiling affected security software, the pair say.