Jump to content

Eset Covered On This One?


Recommended Posts



The bug, as discovered by researcher Satoshi Tanda, causes files sent to be scanned by the AMSI to be truncated at a null character. This would mean that an attacker could easily hide malicious code in a script by placing it after a null character. Since AMSI would never read this code, the malware would pass without any warning bells going off.

Thankfully, the bug has been fixed by the latest Patch Tuesday release by Microsoft. "In theory, no action other than applying the patch should be required. However, software vendors using AMSI to scan PowerShell contents should review whether it can handle null characters properly should they appear," says Tanda.



Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...