What you need to know about DoubleAgent
Scary news! Every Windows version is vulnerable, and guess what, your AV can help in the attack. A new vulnerability called DoubleAgent is your security news headline now, and when a vulnerability is given a name, it is serious. But let's not overreact or underreact; let's put things in proportion. Let's talk about the facts, not conclusions:
- The DoubleAgent vulnerability was discovered by Cybellum, an Israeli startup which offers a Zero-Day Prevention Platform
- Cybellum defines it as a Zero-Day Attack, not a Zero-Day Vulnerability
- The vulnerability can affect any Windows version because it affects a Windows feature called Application Verifier, which exists in all Windows versions since XP
- The vulnerability is 15 years old because it has existed since the old days of XP
- Aside from the technical details, this attack needs administrator privileges, so simply go back to the basics and don't give your users more privileges than they need
- If the attacker has administrator privileges and runs this attack, he can control any process in the OS, including the AV
- If you have Windows 8.1 or greater, and your AV vendor is using the Protected Services feature, then you are safe
- Trend Micro and McAfee are the first two AV vendors to have talked about this issue so far. Trend Micro released a hotfix, and McAfee claims its Self Protection in ENS can prevent this attack.
- AV vendors should be asked whether they prevent this attack from targeting their own AV software or from targeting any other process in Windows
- The attack shows that there should be a new breed of AV software in the market
Thanks, please share your thoughts
Strategic Business Development Manager - Cybersecurity
(5 years ago) Yes, Cylance is machine learning and AI, it will detect this, please email me on [email protected] for a demo...
Stenographer
(7 years ago) Shukran Jazeelah for sharing these notable points, which obviously deserve quite a bit more attention than they are currently being afforded.