silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,176
A technique that exploits Windows 10 Microsoft Store called 'wsreset.exe' can delete bypass antivirus protection on a host without being detected.
Wsreset.exe is a legitimate troubleshooting tool that lets users diagnose problems with the Windows Store and reset its cache.
Pentester and researcher Daniel Gebert has discovered that wsreset.exe can be abused to delete arbitrary files.
As wsreset.exe runs with elevated privileges because it deals with Windows settings, this bug would allow attackers to delete files even if they would not normally have the privileges.
The researcher demonstrated how this behavior could be abused to bypass antivirus protections, focusing on Adaware antivirus as an example. [...]