
Windows DOS-to-NT Path Conversion Process Exploited by Hackers

Windows path flaw lets attackers hide files, mimic trusted programs, and create rootkits without admin rights.


SafeBreach security researcher Or Yair has recently unveiled a series of vulnerabilities in the Windows DOS-to-NT path conversion process that could allow attackers to gain rootkit-like capabilities without requiring administrative privileges. This discovery highlights a critical security risk within the world's most widely used desktop operating system. The vulnerabilities stem from a known issue in the conversion process: the conversion functions strip trailing dots from any path element and trailing spaces from the last path element, a behavior consistent across most user-space APIs in Windows.
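The stripping rule described above can be turned into a simple audit check. The following is an added example, not code from the article or from SafeBreach: it is a simplified Python model of the rule as stated here, and the function names, the sample directory and the sample listing are constructed for illustration. It flags stored file names that a DOS path would resolve to a different name.

```python
# Added example: simplified model of the trailing dot/space rule described above.
SPECIAL = {".", ".."}  # relative-path elements are left alone in this model


def normalize_element(name, is_last):
    """Apply the stripping rule to one path element."""
    if name in SPECIAL:
        return name
    # Trailing dots go from any element; trailing spaces only from the last one.
    return name.rstrip(" .") if is_last else name.rstrip(".")


def normalize_dos_path(path):
    """Return the path as this model says a DOS-path API would resolve it."""
    parts = path.split("\\")
    last = len(parts) - 1
    return "\\".join(normalize_element(p, i == last) for i, p in enumerate(parts))


def audit_listing(directory, raw_names):
    """Flag on-disk names that a DOS path cannot address exactly.

    raw_names is assumed to come from an enumeration that reports names
    exactly as stored, before any DOS-to-NT conversion.
    """
    existing = {n.lower() for n in raw_names}
    findings = []
    for name in raw_names:
        resolved = normalize_element(name, is_last=True)
        if resolved == name:
            continue
        kind = ("resolves-to-other-file" if resolved.lower() in existing
                else "resolves-to-missing-name")
        findings.append((f"{directory}\\{name}", f"{directory}\\{resolved}", kind))
    return findings


# Constructed sample listing, not taken from a real system.
CONSTRUCTED_LISTING = ["notes.txt", "notes.txt.", "update.exe ", "readme.md"]

if __name__ == "__main__":
    print(normalize_dos_path("C:\\Temp.\\report.txt. "))
    for stored, resolved, kind in audit_listing("C:\\Data", CONSTRUCTED_LISTING):
        print(f"{stored!r} -> {resolved!r} [{kind}]")
```

A name flagged as `resolves-to-other-file` is the case worth triaging first, because tools that open it through a DOS path end up inspecting a different file from the one stored under that name.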

Exploring the Implications

The implications of these vulnerabilities are far-reaching. By exploiting these flaws, a malicious actor can hide files and processes, affect prefetch file analysis, and deceive users into believing a malware file is a verified executable published by . Furthermore, these vulnerabilities enable attackers to disable Process Explorer with a denial of service (DoS) vulnerability, among other malicious activities. The researcher's findings underscore the potential for known issues, which might seem harmless, to be exploited, posing significant security risks. Notably, these vulnerabilities allow for the development of user-space rootkits, which aim to intercept API calls and manipulate the data returned to users, all without needing to overcome the stringent security measures required to run kernel rootkits.

Microsoft's Response and the Security Landscape

After the vulnerabilities were reported to the Microsoft Security Response Center (MSRC) in 2023, Microsoft acknowledged the issues and has been working on addressing them. This situation sheds light on the broader challenge facing software vendors, who often allow known issues to persist across software versions, thereby inadvertently creating security vulnerabilities. The discovery of these vulnerabilities in Windows, and Microsoft's subsequent response, is a reminder of the constant vigilance required to protect against evolving threats. As the digital landscape continues to evolve, so too must the strategies employed by both software developers and cybersecurity professionals to safeguard against malicious actors.

Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.