Overall, Windows 7 and Windows 8 are pretty secure operating systems. But one recent flaw has left both OSes so ridiculously unprotected that I almost find it hard to believe.
Today, I’m going to share the details of that flaw with you and show you why it could be one of the most devastating Windows 7 and Windows 8 flaws ever uncovered.
The attack relies on PowerShell
You may have heard about a Windows feature called “PowerShell”. PowerShell 2 has come preinstalled on every version of Windows since Windows 7, including Windows 7, Windows 8, and the beta versions of Windows 10.
Power users can use PowerShell 2 to automate certain processes and scripts. It’s a feature most average Windows users will never use – although it’s popular among system administrators and network admins.
Here’s the problem: PowerShell 2 is disabled by default on Windows 7. However, on Windows 8 and Windows 8.1, it’s enabled by default – and most users aren’t aware that it’s enabled.
As a result, hackers have been exploiting this loophole to gain full control of users’ operating systems.
How the PowerShell exploit works
The PowerShell exploit infiltrates your system using a Cross-Site Scripting (XSS) attack. XSS is found in many popular web applications, including login forms and contact registration forms on various websites.
When a login form is compromised, it attacks users in a few different methods. At its most basic level, it can attack users by displaying an iframe popup which claims that a user’s session timed out and they need to log back in.
You might not think twice about this pop-up and quickly enter your login information. If you’ve done that, the hackers will presumably use that information for nefarious purposes.
At a more advanced level, the infected login code can actually be used to inject malware onto the victim’s computer.
This malware can then be used to log keystrokes, activate microphones or webcams, or encourage users to download malicious files disguised as innocent files.
Here’s where the attacks get really dangerous: when the attacker really wants to do some damage, that person will fire up PowerShell. As mentioned above, this application is enabled on Windows 8 computers but it can be enabled on Windows 7 computers.
After activating PowerShell, the hacker can send a script telling the computer to download software from a malicious URL.
Since the attackers never touches your disk, the attack goes undetected
One of the reasons this attack has been so successful is because at no point does the hacker need to touch your disk – also known as your hard drive. Instead, all of the attack scripts are carried out over the memory of your computer.
This avoids triggering any existing antivirus software which may prevent the attack.
So even if you pay for expensive antivirus software, that software won’t be constantly checking your RAM for malicious scripts. That’s a huge problem – and it’s one reason why this is considered a sophisticated attack.
How to Protect Yourself and Disable PowerShell
Fortunately, there are a few different ways to protect yourself against this attack.
First, if you’re using Windows 7, PowerShell 2 will already have its administrator privileges disabled by default. Unless you’ve manually enabled PowerShell 2’s administrator privileges, you will be safe.
In Windows 8, as we mentioned above, PowerShell is enabled by default. You can disable it by following these instructions:
-Go to Control Panel and click Programs and Features
-Click on Turn Windows features on or off
-Scroll down to the bottom of the dialogue box that just opened and find the folder labelled Windows PowerShell 2.0. Un-tick that folder to disable it.
-You can re-enable that folder at any time simply by ticking it once again
After disabling these features, you should still keep your guard up: if you receive a sudden “Administrator” privilege request from PowerShell 2.0, it could be an attempt by a malicious third party to access your system. That’s bad news, and you need to reject this access request.
If you can follow the tips listed above, you should be able to avoid the worst effects of this devastating Windows 7 and Windows 8 flaw.