Can anybody name a single security product that scans VHD or VHDX contents? Given that Windows doesn't apply the Mark of the Web (MOTW) to VHD(X) contents, and Win10 can open them with a double-click, this seems like an excellent vehicle for deploying evil.
How does the MoTW matter anyway, one might ask. Windows treats quite a number of dangerous files quite differently if they carry the MoTW. Let's compare the behavior of a few files contained first in a ZIP, and then in a VHD file. Which is more likely to allow a user to harm themselves?
I've written a blog post to elaborate on the concept of VHD and VHDX files being dangerous: https://insights.sei.cmu.edu/cert/2019/09/the-dangers-of-vhd-and-vhdx-files.html
Replying to @wdormann
Awesome stuff Will, as always. Question: with your recommendation of blocking VHD/VHDX files at the email gateway, are they typically transferred that way? Not against it, but I thought the file size would be too big. Unless we're talking snapshots?
VHD and VHDX files can be as small as you like. Definitely emailable.
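Added example, not part of the thread: a content-based check a mail gateway filter could use to implement the blocking recommendation above, so that a small VHD/VHDX attachment is caught even when it has been renamed. The magic values come from the published VHD/VHDX formats; the `should_block_attachment` policy function and the sample attachments are constructed for illustration.

```python
from typing import Optional, Tuple

# Magic values from the VHD / VHDX on-disk formats:
#   VHD : a 512-byte footer at the end of the file whose first 8 bytes are
#         the cookie b"conectix"; dynamic/differencing VHDs also carry a
#         copy of that footer at offset 0.
#   VHDX: the file starts with the 8-byte signature b"vhdxfile".
VHD_COOKIE = b"conectix"
VHDX_SIGNATURE = b"vhdxfile"
VHD_FOOTER_SIZE = 512


def detect_virtual_disk(data: bytes) -> Optional[str]:
    """Classify raw attachment bytes as 'vhd', 'vhdx' or None, ignoring the name."""
    if data[:8] == VHDX_SIGNATURE:
        return "vhdx"
    if data[:8] == VHD_COOKIE:  # dynamic VHD: footer copy at the start
        return "vhd"
    if len(data) >= VHD_FOOTER_SIZE and data[-VHD_FOOTER_SIZE:][:8] == VHD_COOKIE:
        return "vhd"  # fixed VHD: footer only at the end
    return None


def should_block_attachment(name: str, data: bytes) -> Tuple[bool, str]:
    """Hypothetical gateway policy: block on content first, then on extension."""
    kind = detect_virtual_disk(data)
    if kind is not None:
        return True, f"content is a {kind} image"
    if name.lower().endswith((".vhd", ".vhdx")):
        return True, "extension is vhd/vhdx"
    return False, "ok"


def _fake_fixed_vhd() -> bytes:
    """Constructed stand-in for a tiny fixed VHD: payload followed by a footer."""
    footer = VHD_COOKIE + b"\x00" * (VHD_FOOTER_SIZE - 8)
    return b"\x00" * 1024 + footer


# Constructed sample attachments (not real disk images), name -> bytes.
SAMPLES = {
    "quarterly_report.pdf": _fake_fixed_vhd(),        # VHD hiding behind .pdf
    "backup.vhdx": VHDX_SIGNATURE + b"\x00" * 1016,    # honest VHDX
    "notes.txt": b"just text\n",                       # benign
    "archive.vhd": b"\x00" * 2048,                     # extension only, no magic
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, should_block_attachment(name, data))
```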