How to fix unpatched Windows malware with Elastic

Blog post from Elastic

Post Details
Word Count: 275
Summary

Elastic researchers have discovered a vulnerability in the Windows Protected Process Light (PPL) mechanism that can allow malware to disable security products. This flaw, which had not been patched, has been addressed in Elastic Security to better protect users. Gabriel Landau provides a detailed analysis of how sandboxing and access tokens can be exploited by hackers to infiltrate Windows-based systems, and a demonstration is included to show how these methods can disable anti-malware products. The article also discusses how anti-malware vendors can mitigate these risks using Windows' trusted labels feature. Users are encouraged to update to the latest version of Elastic Security and utilize the quick start training to effectively find threats like malware and ransomware. For those new to Elastic Cloud, a free 14-day trial is available, as is a self-managed version of the Elastic Stack.