CNN Security researcher Dan Stachowski, who is working on a new vulnerability for Windows 7, shared details of a new exploit on Twitter, describing it as a “Trojan horse” attack that can bypass “Windows Firewall” restrictions to gain root privileges.
Stachowski also described the attack, which he said he discovered using the vulnerability scanner tool X-Ray, as “very similar to a zero-day exploit for the ‘Firewall Trojan Horse.’”
The exploit will not actually execute malicious code but instead will be a “fake” vulnerability that will bypass the firewall and gain root access.
The exploit is known as “Trojanshell” and it was first reported on in February 2016 by security researcher Mike Henson, who noted that “the Windows 7 Trojan Horse exploit is a little bit more advanced than most of the other exploits that I’ve seen.
I would consider it a serious security issue for any computer running Windows 7.”
Stachowski’s post on Twitter describes the exploit as “a very simple exploitation of the Windows 7 Firewall Trojan horse.”
He describes the “Trojanshell exploit” as a way to circumvent the Firewall in order to gain access to “the root shell (shell) of the system.”
He says it’s possible to bypass the firewall in the process, but it requires “special tools and skills.”
“In this case, it would require a special tool and skills,” he wrote.
“I will leave it up to you to determine the right level of technical knowledge for this specific exploit.”
The vulnerability is described as a flaw in the Windows Firewall, which is installed on Windows 7 and other versions of Windows.
“Firewall” is a term for the system’s security features.
The Firewalling System Protection Engine (FSPE) protects systems against a variety of attack scenarios, including network attacks and ransomware.
In the past, Microsoft has patched vulnerabilities that could be exploited to gain administrative or remote code execution (RCE) privileges on some Windows versions, but not others.
Stachowski’s tweet includes a screenshot of an email sent by the researcher to Microsoft in which he says he “found an exploit that is similar to the ‘Trojanshell’ exploit” in question.
The email says the “malware payload is identical” to the exploit that Stachowski discovered, but the email does not specify the specific vulnerability the exploit is targeting.
The vulnerability was disclosed on February 14, and it has since been fixed in a patch to Windows 7.
The vulnerability also appeared in a vulnerability scanner service, which Stachowski describes as a vulnerability that “has been found in the [Microsoft] Windows Defender Anti-Virus (MDA) engine.”
The vulnerability was reported on February 21, 2016, and Microsoft fixed it in March.
“Microsoft has confirmed the MDA is not affected by this vulnerability,” the vulnerability scan service said in a statement.
“In order to fix this issue, we recommend that you install a new version of the MDS, and then restart the Mds service.
The update will be delivered in the next few hours.”
The company has not yet issued a patch for the vulnerability.