«

»

Mar 24

DoubleAgent Vulnerability poses a risk to Security Software – Steps You Can Take

DoubleAgent is a vulnerability in the Microsoft code checking software that allows an attacker to replace that code checker with an alternative version. Once the alternate version is in place and the software using it checks for changes to its code based on the results, it reacts accordingly. This, in turn, allows an attacker to replace critical code, such as a security software’s own code, with code from an attacker. While it is impossible to know what changes an attacker might make, the list can include deletion of files, theft of data, and even remote control of the computer.

While every Windows operating system is potentially vulnerable, all versions of Windows from 8.1 and later use an additional layer of protection that most security software vendors already take advantage of, thereby reducing the risk. Windows 7 and older systems, however, have additional susceptibility.

What can I do?

To address this vulnerability on your computers, perform the following :

  1. Check to see if there is an alternate Administrative account on the computer. If not, create one.
  2. Remove Admin privileges from the primary account you use on each of your computers.
  3. Verify that the most recent version of your security software is installed.
    1. Update, if necessary
  4. Reboot when complete.

The Risks of an Admin Account

The reason for removing admin privileges is that this exploit, like many others, is toothless unless the logged in user has administrative privileges. Without those privileges, the code checker cannot be modified, which, in turn, protects the security software as well. While you have to have an admin account somewhere on your computer, and removing administrative privileges from your day to day account in itself does not secure against all threats, it does reduce the risk because the installation of a wide variety of software generates a prompt requiring the admin account’s username and password, which should be different than the one used in every day activities on your computer.