BITDEFENDER'S research reveals three attack techniques exploiting Windows bind links to evade endpoint detection and response (EDR) systems. Bind links, used for mapping file paths, can be manipulated by attackers to redirect to malicious files, effectively hiding them from detection. The first technique, file-binding, hijacks paths to alter DLL loading processes without detection. The second, process-binding, uses executable images to by-pass EDR checks, appearing as trusted files.
The third, silo-binding, requires administrative access and creates isolated environments where malicious activities remain undetected externally. Microsoft considers these exploits low severity due to the requirement for admin access, but Bitdefender warns that such access is often easily obtained by criminals.