Researchers Uncover Flaws in Windows Smart App Control and SmartScreen

Researchers have discovered vulnerabilities in Microsoft’s Windows Smart App Control and SmartScreen, which could enable hackers to gain access to target environments without raising alarms. The vulnerabilities can be bypassed by various methods, including getting the app signed with a legitimate extended validation certificate, hijacking and tampering with an app’s reputation, or exploiting a bug related to how Windows handles shortcut files. The researchers emphasise that security teams should not rely solely on native OS security features.