A New Exploit That Is Bypassing LSASS Protection

Researchers from Orange Cyberdefense found a new exploit to bypass LSASS protection called “BYOVDLL” (Bring Your Own Vulnerable DLL). Despite a patch in July 2022, the vulnerability remained exposed, allowing PPLdump to function without adjustments, as disclosed in October 2022. The exploit bypasses security measures without system reboots and enables sophisticated exploitation techniques within secure processes, presenting challenges in the defense of critical system processes.