Hackers Can Exploit Home windows Container Isolation Framework to Bypass Endpoint Safety

Aug 30, 2023THNMalware / Endpoint Safety

Windows Container Isolation Framework

New findings present that malicious actors might leverage a sneaky malware detection evasion method and bypass endpoint safety options by manipulating the Home windows Container Isolation Framework.

The findings had been introduced by Deep Intuition safety researcher Daniel Avinoam on the DEF CON security conference held earlier this month.

Microsoft’s container architecture (and by extension, Windows Sandbox) makes use of what’s referred to as a dynamically generated image to separate the file system from every container to the host and on the identical time keep away from duplication of system information.

It is nothing however an “working system picture that has clear copies of information that may change, however hyperlinks to information that can’t change which might be within the Home windows picture that already exists on the host,” thereby bringing down the general dimension for a full OS.


“The result’s photos that include ‘ghost information,’ which retailer no precise information however level to a special quantity on the system,” Avinoam said in a report shared with The Hacker Information. “It was at this level that the thought struck me — what if we are able to use this redirection mechanism to obfuscate our file system operations and confuse safety merchandise?”

That is the place the Home windows Container Isolation FS (wcifs.sys) minifilter driver comes into play. The driving force’s essential objective is to deal with the file system separation between Home windows containers and their host.

The driving force handles the ghost information redirection by parsing their connected reparse points and the related reparse tags which uniquely determine the proprietor, i.e., the implementer of the file system filter driver that performs further filter-defined processing on a file throughout I/O operations.

Two such reparse tag information constructions utilized by the Home windows Container Isolation filter, in accordance with Microsoft, are IO_REPARSE_TAG_WCI_1 and IO_REPARSE_TAG_WCI_LINK_1.

The idea, in a nutshell, is to have the present course of working inside a fabricated container and leverage the minifilter driver to deal with I/O requests such that it may create, learn, write, and delete information on the file system with out alerting safety software program.

Windows Container Isolation Framework
Supply: Microsoft

It is value declaring at this stage {that a} minifilter attaches to the file system stack not directly, by registering with the filter manager for the I/O operations that it chooses to filter. Every minifilter is allocated a Microsoft-assigned “integer” altitude worth primarily based on filter necessities and cargo order group.

The wcifs.sys driver occupies an altitude range of 180000-189999 (particularly 189900), whereas antivirus filters, together with these from third-parties, operate at an altitude vary of 320000-329999. Because of this, numerous file operations could be carried out with out getting their callbacks triggered.


“As a result of we are able to override information utilizing the IO_REPARSE_TAG_WCI_1 reparse tag with out the detection of antivirus drivers, their detection algorithm won’t obtain the entire image and thus won’t set off,” Avinoam defined.

That having stated, pulling off the assault requires administrative permissions to speak with the wcifs.sys driver and it can’t be used to override information on the host system.

The disclosure comes because the cybersecurity firm demonstrated a stealthy method referred to as NoFilter that abuses the Home windows Filtering Platform (WFP) to raise a consumer’s privileges to that of SYSTEM and doubtlessly execute malicious code.

The assaults enable using WFP to duplicate entry tokens for an additional course of, set off an IPSec connection and leverage the Print Spooler service to insert a SYSTEM token into the desk, and make it potential to acquire the token of one other consumer logged into the compromised system for lateral motion.

Discovered this text attention-grabbing? Observe us on Twitter and LinkedIn to learn extra unique content material we submit.