Null Character Bug Lets Malware Bypass Windows 10 Anti-Malware Scan Interface

Malware that embeds a null character in its code can bypass security scans performed by the Anti-Malware Scan Interface (AMSI) on Windows 10 boxes.

Flaw affects AMSI Windows 10 security feature

Microsoft fixed this vulnerability last week when it released the February 2018 Patch Tuesday security updates. The vulnerability resides with Anti-Malware Scan Interface (AMSI), a generic security feature that acts as an intermediary point between apps and local antivirus engines.

AMSI allows an app to send a file to be scanned by the local security software and return the results. AMSI was introduced with Windows 10 and is vendor agnostic, meaning it will automatically send the file to any AMSI-compatible AV engine on the local PC, not just the built-in Windows Defender […]

Quelle: Null Character Bug Lets Malware Bypass Windows 10 Anti-Malware Scan Interface | Bleepingcomputer.com