Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Windows MiniFilter Exploit Bypasses EDR

September 18, 2024
Reading Time: 2 mins read
in Alerts
Windows MiniFilter Exploit Bypasses EDR

A significant security vulnerability has emerged within the Windows MiniFilter driver, raising concerns about its potential to bypass Endpoint Detection and Response (EDR) systems. Eito Tamura, a Principal Consultant at Tier Zero Security, has discovered that this vulnerability allows attackers to manipulate MiniFilter driver Altitudes in a way that prevents EDR drivers from loading. This manipulation effectively blinds EDR systems by blocking crucial kernel callbacks, which impedes their ability to detect, monitor, and respond to security threats.

Tamura’s research reveals that by strategically allocating an EDR driver’s Altitude to another MiniFilter that loads before the EDR driver, attackers can disrupt the EDR’s registration with the Filter Manager. This technique exploits the load order and Altitude management of MiniFilters, allowing adversaries to prevent the EDR driver from initializing. The impact of this exploitation is significant, as it renders the EDR system less effective at tracking and mitigating potential security incidents, thereby compromising the overall security posture of the affected systems.

In response to this issue, Microsoft has implemented several mitigations aimed at addressing the vulnerability. For example, when an attempt is made to alter the Sysmon driver’s Altitude to match that of the EDR driver, Microsoft’s defenses are designed to terminate the registry editing process. While these measures provide some level of protection, they have not entirely resolved the problem for all EDR solutions. Notably, Microsoft Defender for Endpoint (MDE) and potentially other EDR solutions remain vulnerable to this bypass technique, highlighting the ongoing challenges in securing these systems.

To counteract this vulnerability, Security Operations Center (SOC) teams should adopt a vigilant approach by closely monitoring registry changes related to MiniFilter Altitudes across all drivers, not just Sysmon. By detecting and responding to unusual changes promptly, SOC teams can better protect their environments from potential exploits. It is crucial for organizations to stay informed about evolving threats and implement comprehensive security measures to ensure that their EDR systems remain effective in detecting and responding to sophisticated attacks.

Reference:
  • Windows MiniFilter Vulnerability Allows Bypass of Endpoint Detection and Response
Tags: Cyber AlertsCyber Alerts 2024Cyber threatsEDRSeptember 2024VulnerabilityWindows
ADVERTISEMENT

Related Posts

GitLab Patch Stops Service Disruption Risks

Function Confusion Hits Serverless Clouds

May 22, 2025
GitLab Patch Stops Service Disruption Risks

3AM Ransomware Email Bomb and Vishing Threat

May 22, 2025
GitLab Patch Stops Service Disruption Risks

GitLab Patch Stops Service Disruption Risks

May 22, 2025
Teen Hacker Admits PowerSchool Cyberattack

Hazy Hawk Hijacks Cloud DNS For Web Scams

May 21, 2025
Teen Hacker Admits PowerSchool Cyberattack

Venom Spiders More Eggs Malware Hits Hiring

May 21, 2025
Teen Hacker Admits PowerSchool Cyberattack

Fake Kling AI Sites Spread Malware To Users

May 21, 2025

Latest Alerts

GitLab Patch Stops Service Disruption Risks

3AM Ransomware Email Bomb and Vishing Threat

Function Confusion Hits Serverless Clouds

Venom Spiders More Eggs Malware Hits Hiring

Hazy Hawk Hijacks Cloud DNS For Web Scams

Fake Kling AI Sites Spread Malware To Users

Subscribe to our newsletter

    Latest Incidents

    Cyberattack Paralyzes French Hauts de Seine

    Santa Fe City Loses $324K In Hacker Scam

    Belgium Housing Hit by Ransomware Attack

    UK Peter Green Chilled Hit By Ransomware

    Cellcom Cyberattack Causes Service Outage

    Ohio Kettering Health Faces Cyberattack

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial