Hackers find a way around built-in Windows protections

Tech expert Kurt Knutsson highlights a security concern in which hackers exploit weaknesses in Windows Defender Application Control (WDAC) to bypass its protections. The threat described also involves fake Windows Defender pop-ups that trick users into downloading malicious software. Although WDAC is intended to block unauthorized applications, attackers abuse legitimate, already-present tools (Living-off-the-Land Binaries, or LOLBins) and DLL sideloading to execute unauthorized code, which traditional detection methods are poorly placed to catch.
This weakness raises concerns about the effectiveness of WDAC as a security control. While Microsoft offers a bug bounty program to identify and fix such gaps, some bypass techniques remain unpatched. The implications are significant: a successful bypass allows attackers to deploy malware such as ransomware without detection. Users are advised to keep their systems updated, download software only from trusted sources, and use strong antivirus software to mitigate these risks. The issue underscores the need for Microsoft to strengthen its protections against evolving cyber threats.
RATING
The article effectively highlights a critical issue in cybersecurity related to Windows Defender Application Control (WDAC) vulnerabilities. It provides clear and practical information for readers, emphasizing the importance of staying informed and taking protective measures. While the article is generally accurate and timely, it would benefit from more direct citations and detailed explanations of the evidence supporting its claims. The balance of perspectives could be improved by including more information on Microsoft's responses to these vulnerabilities. Despite these areas for improvement, the article serves as a useful resource for raising awareness about cybersecurity risks and encouraging proactive behavior among users.
RATING DETAILS
The article presents accurate information regarding Windows Defender Application Control (WDAC) and its vulnerabilities. It correctly identifies WDAC as a security feature designed to enforce strict rules on application execution, which aligns with known technical descriptions. The claim that hackers have found ways to bypass WDAC using methods such as Living-off-the-Land Binaries (LOLBins) and DLL sideloading is consistent with documented attack techniques. The mention of Bobby Cooke from IBM X-Force Red confirming a specific bypass using Microsoft Teams adds credibility, assuming it is a verifiable statement from a reliable source. However, the article would benefit from more explicit citations or links to external sources, such as technical reports or studies, to further substantiate these claims.
The article maintains a fairly balanced perspective by discussing both the vulnerabilities in WDAC and the measures users can take to protect themselves. It highlights the role of hackers in exploiting these vulnerabilities while also pointing out Microsoft's efforts through its bug bounty program. However, the focus is primarily on the vulnerabilities, with less emphasis on Microsoft's ongoing efforts to patch these issues. Including more information on Microsoft's perspective or statements could provide a more rounded view.
The article is written in clear and accessible language, making complex technical concepts understandable for a general audience. It uses straightforward examples to explain how hackers bypass WDAC, which aids comprehension. The structure is logical, with a progression from identifying the problem to suggesting protective measures. However, the promotional elements for the newsletter and additional content could distract from the main message.
The article references credible sources such as IBM X-Force Red and mentions Microsoft's bug bounty program, which adds to its reliability. However, it lacks direct citations or links to original research or statements from these entities. The reliance on a tech expert's commentary without clear attribution to specific studies or reports may limit the perceived authority of the information presented.
The article provides a general overview of the WDAC vulnerabilities and bypass techniques but lacks a detailed explanation of the methodology or evidence supporting these claims. There is no disclosure of potential conflicts of interest or of the basis for the expert's opinions. Greater transparency about how the information was gathered and which sources were consulted would enhance the article's credibility.