Cybersecurity researchers have identified vulnerabilities in Microsoft’s Windows Smart App Control and SmartScreen that could allow attackers to access target systems without any warning.
Smart App Control (SAC) is a security feature introduced by Microsoft in Windows 11 to prevent malicious apps from running on the system. If the service can’t predict the app’s behavior, it checks if it’s signed with a valid signature before execution.
SmartScreen, launched with Windows 10, also assesses the safety of websites and downloaded apps using a reputation-based approach.
According to Microsoft documentation, “Microsoft Defender SmartScreen evaluates a website’s URLs to determine if they’re known to distribute or host unsafe content.”
“Smart App Control and SmartScreen have design weaknesses that could allow unauthorized access without warnings or user interaction,” Elastic Security Labs reported.
One way to bypass these protections is by using a legitimate Extended Validation (EV) certificate to sign the app, a technique exploited by malicious actors in cases like HotPage.
Other methods for evading detection include:
- Reputation Hijacking
- Reputation Seeding
- Reputation Tampering
- LNK Stomping
Security teams should carefully scrutinize downloads and not rely solely on OS-native security features for protection against malware.
