A research team, part of the Windows Defender Advanced Threat Protection system, has detected several hacking attempts against Windows 10 users.
Hackers used a vulnerability in the Windows 10 software update system to gain remote access to certain targeted computers. They then planted malware on those systems without the user knowing about it.
How did hackers infiltrate the systems?
Hackers used PowerShell scripts (a task automation and configuration management framework from Microsoft) combined with the Meterpreter reverse shell (an advanced and extensible payload that uses in-memory injection, so nothing needs to be written to disk) to silently infiltrate the target. Similar techniques have been used before to carry out attacks on high-profile systems.
Am I still vulnerable?
The effects of the attacks have been mitigated for now, according to Microsoft, but on learning about the vulnerability the company advised third-party software vendors to be wary when creating updates to their products. The company stresses the need for stronger security features in such automated update systems and suggests robust encryption to prevent such attacks in future.
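The "stronger security features for automated update systems" that the article calls for usually take the form of signing every update with a vendor key that the client pins, so that a package altered in transit, or one produced by someone without the vendor's private key, is never applied. The following is an added example written for this page, not code from Microsoft or from any vendor involved in the incident; the package layout, the `SignUpdate`/`VerifyUpdate` names and the pinned-key assumption are all constructed here. It shows both sides of the mechanism: the vendor's release step signs the version number and payload together, and the client refuses a tampered payload, a signature from another key, and a rollback to an older version.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// UpdatePackage models what an update client downloads: the payload bytes,
// a monotonically increasing version, and a detached signature over both.
// (Constructed layout for this example, not any real updater's format.)
type UpdatePackage struct {
	Version   uint64
	Payload   []byte
	Signature []byte
}

// signingInput binds the version to the payload so that a genuine old
// package cannot be re-labelled with a newer version number, and a
// genuine payload cannot be swapped under a genuine version.
func signingInput(version uint64, payload []byte) []byte {
	h := sha256.New()
	var v [8]byte
	binary.BigEndian.PutUint64(v[:], version)
	h.Write(v[:])
	h.Write(payload)
	return h.Sum(nil)
}

// SignUpdate is the step the vendor's release pipeline runs with the
// private key, which never leaves the vendor.
func SignUpdate(priv ed25519.PrivateKey, version uint64, payload []byte) UpdatePackage {
	return UpdatePackage{
		Version:   version,
		Payload:   payload,
		Signature: ed25519.Sign(priv, signingInput(version, payload)),
	}
}

var (
	ErrBadSignature = errors.New("update rejected: signature does not verify against the pinned vendor key")
	ErrRollback     = errors.New("update rejected: version is not newer than the installed version")
)

// VerifyUpdate is the check the client runs before applying anything.
// The vendor's public key is assumed to ship with the installer (pinned),
// so the update channel itself never has to be trusted.
func VerifyUpdate(pinned ed25519.PublicKey, installed uint64, pkg UpdatePackage) error {
	if !ed25519.Verify(pinned, signingInput(pkg.Version, pkg.Payload), pkg.Signature) {
		return ErrBadSignature
	}
	if pkg.Version <= installed {
		return ErrRollback
	}
	return nil
}

func main() {
	// Constructed demo: a fresh vendor key pair and a sample payload.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	genuine := SignUpdate(priv, 42, []byte("constructed sample update payload"))
	fmt.Println("genuine package:", VerifyUpdate(pub, 41, genuine))

	// An attacker who controls the download path changes the payload but
	// cannot re-sign it without the vendor's private key.
	tampered := genuine
	tampered.Payload = []byte("constructed sample update payload with injected content")
	fmt.Println("tampered package:", VerifyUpdate(pub, 41, tampered))

	// Replaying an older genuine package is also refused.
	fmt.Println("rollback attempt:", VerifyUpdate(pub, 42, genuine))
}
```

The point worth noting is that the check happens before anything is executed or written, and that it is anchored in a key already on the machine; verifying a signature against a key fetched from the same channel as the update would protect nothing.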
"Its early discovery allowed incident responders – a collaboration of security experts from the targeted industries and developers working for the third-party software vendor – to work with Microsoft security researchers to promptly identify and neutralise the activities associated with this cyber espionage campaign," according to Microsoft.
What to do to stay safe?
Although the attacks have largely been controlled, to prevent such attacks in future, users of Windows 10 need to disable auto updates as a primary measure. Masking malware as standard software updates is a common practice used by hackers.