Unveiling the Shadowy Powers: MagicDot Paths Grant Hackers Rootkit Abilities

Unveiling the Shadowy Powers: MagicDot Paths Grant Hackers Rootkit Abilities
Unveiling the Shadowy Powers: MagicDot Paths Grant Hackers Rootkit Abilities

Researchers Uncover Windows Flaws Granting Hackers Rootkit-Like Powers

New research has found that the DOS-to-NT path conversion process could be exploited by threat actors to achieve rootkit-like capabilities to conceal and impersonate files, directories, and processes.

MagicDot Paths

During the conversion process, a function removes trailing dots and spaces from the path elements. This action creates so-called MagicDot paths, which allow for rootkit-like functionality accessible to any unprivileged user.


These paths enable attackers to:

  • Hide files and processes
  • Affect prefetch file analysis
  • Make users believe malware is a verified Microsoft executable
  • Disable Process Explorer with a denial of service vulnerability

Security Shortcomings

The underlying issue has led to the discovery of four security shortcomings:

  • An elevation of privilege (EoP) deletion vulnerability
  • An elevation of privilege (EoP) write vulnerability (CVE-2023-32054)
  • A remote code execution (RCE) vulnerability (CVE-2023-36396)
  • A denial-of-service (DoS) vulnerability impacting Process Explorer (CVE-2023-42757)


"This research is the first of its kind to explore how known issues that appear to be harmless can be exploited to develop vulnerabilities and, ultimately, pose a significant security risk," said Or Yair, a SafeBreach security researcher.

The implications extend beyond Microsoft Windows to all software vendors who allow known issues to persist in their software.

newsid: geaajjlfd6d040m

Related stories
6 hours ago - These Xbox-compatible VPNs can help you avoid a DDoS, hide your IP address, unblock geo-protected streaming content or use Game Pass in unsupported regions.
3 days ago - ​Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within a week.
3 days ago - Telegram CEO accuses Signal of US ties and insecurity, while Musk supports Telegram and Signal denies vulnerabilities.
3 days ago - A critical Git vulnerability allows remote code execution during cloning, affecting a wide range of versions; update to patched versions immediately.
4 days ago - Microsoft releases patches for 61 security flaws, including two actively exploited zero-days.
Other stories
7 minutes ago - The company is sending emails out that say its “most requested product” is coming on May 21st. Could the release be its rumored Sonos Ace wireless headphones?
7 minutes ago - An InStyle shopping editor found the seven best fashion, beauty, and home deals at Amazon this weekend starting at $6. The best Amazon deals include Hanes tees, Sam Edelman sandals, and CeraVe eye cream.
51 minutes ago - Why You Can Trust CNET Our expert deal-hunting staff showcases the best price drops and discounts from reputable sellers daily. If you make a...
51 minutes ago - Discover the best ways to stream March Madness 2024 on TBS without cable. Your ultimate guide for how to watch March Madness and more.
51 minutes ago - Don't let inaccurate numbers discourage your wellness journey. Learn how to weigh yourself correctly.