Windows kernel exploit can bypass all security

There's a kernel of truth to layered security fears

Security firm Bromium Labs has discovered a way to use an old Windows kernel exploit to bypass popular anti-malware and other security software.

The method, which Bromium calls a Layer on Layer (LOL) attack, allows attackers to bypass multiple layers of security in one fell swoop, without anyone being the wiser.

Kernel integrity

Bromium will showcase its findings at Infosecurity Europe and BSides London, with a demonstration of how the exploit works.

The firm states that even layered approaches to security, advocated by many top security professionals, have weaknesses. It says that virtually all endpoint technologies rely on the integrity of the kernel: code running in the kernel sits at the same privilege level as the security software's own drivers, so it can disable or deceive them rather than having to evade them one by one.

"While many were aware of the discovery of the TDL4 rootkit rumoured to be using kernel exploit code at the end of last year, few paid it any serious attention. And that was a huge error of judgement," said Rahul Kashyap, Head of Security Research at Bromium.

"We discuss that such vulnerabilities can prove lethal to enterprise security and likely go unnoticed for long periods of time. By simply 'tweaking' the exploit, we found we could bypass all the different layers of security software that an enterprise might deploy on an end user machine."

Bromium believes many more zero-day vulnerabilities exist in the millions of lines of code in the Windows kernel.