System-level Atom Tables in Windows read more at here www.spinonews.com/index.php/item/1446-system-level-atom-tables-in-windows

A security researcher has found a way to abuse the system-level Atom Tables in Windows all versions of Windows, through to Win 10.

Atom Tables are defined by the system to store strings with an identifier to access them; they can be global (like the tables that pass data via DDE between applications), or local (for use by a single application).

EnSilo's research team has found that they can inject code into Atom Tables. In Atom Bombing attack, an attacker can write malicious code into an atom table and force a legitimate program to retrieve the malicious code from the table.

EnSilo also found that the legitimate program, now containing the malicious code can be manipulated to execute that code.

The company is keeping mum about the precise mechanism of the attack, but says like most code injection attacks, it relies on tricking a user into running a malicious executable.

However, a successful attack could accomplish quite a lot of evil, the most obvious being snooping on the contents of memory to grab keystrokes or passwords.

The EnSilo post also suggests screen-grabs and browser hijack exploits as other applications of Atom Bombing.

The Atom Tables are a fundamental part of the operating system, defenses must be put in place at firewalls, to block incoming executables. 

Comments