Attackers who already have administrator privileges on a Windows machine have newer ways to slip past endpoint security without exploiting a vulnerable driver or modifying trusted binaries.Bitdefender researchers have warned against three techniques that abuse Windows Bind Links, a legitimate filesystem virtualization capability, to occupy security tools with clean files while malicious ones execute undetected.The techniques can be used “to blind EDR sensors and bypass built-in Windows defenses such as AMSI and AppLocker,” the researchers said in a blog post shared with CSO ahead of its publication on Wednesday. Dubbed File Binding, Process-Binding, and Silo-Binding, the techniques exploit the way Windows’ Bind Filter driver “bindflt.sys” redirects file paths in memory.While Microsoft reportedly assessed the issues as low severity because exploiting the techniques requires admin privileges, Bitdefender argued its importance by comparing the threat to Bring Your Own Vulnerable Driver (BYOVD) attacks.Microsoft did not immediately respond to CSO’s request for comment.Three attack paths from one weaknessBitdefender’s research focused on Bind Links, a Windows feature designed for legitimate virtualization scenarios such as Windows Sandbox, Windows containers, and Store applications. Bind Links operate entirely within “bindflt.sys,” allowing one file path to transparently resolve to another without creating a visible filesystem object or modifying the original file.Bitdefender demonstrated how attackers can progressively weaponize this capability.The first technique, File-Binding, redirects trusted DLL or file paths to attacker-controlled replacements. The researchers showed PowerShell loading what appeared to be a legitimate amsi.dll, but the Bind Link instead served a malicious DLL that exported identical functions while silently disabling malware scanning.Process-Binding extends the concept to executable files. Here, the researchers said, Windows reports a trusted executable like “winever.exe” is running, while the operating system actually executes another binary, such as cmd.exe. Because many security products rely on executable paths for allowlisting, signatures, and process identity, the mismatch can trick both security policies and analysts.The most sophisticated of the three, Silo-Binding, leverages Windows silos, the isolation technology in Windows containers, to present different filesystem views inside and outside an isolated environment. The researchers demonstrated a potential malware executing inside the silo as a trusted application, while security tools operating outside the silo read them as legitimate files.Bitdefender demonstrated bypasses against AppLocker, Windows Firewall, Sysmon, and even executed Invoke-Mimikatz under a trusted process identity to evade detection.A potential post-compromise attack vectorAddressing Microsoft’s low-severity assessment, the researchers noted these techniques to be effective post-compromise evasion attacks, rather than a remote code execution vulnerability.“Every Windows 10 RS4+ and Windows 11 system is exposed once an attacker has administrator access on it,” they said. “Every AV and EDR that trusts the image-file path returned by standard process-notification routines is affected.”Bitdefender also disclosed a related privilege escalation scenario involving Docker Desktop, where members of the “docker-users” group could leverage Bind Links to reach SYSTEM privileges.Following the disclosure, Docker reportedly updated its documentation to clarify the security implications of the group’s permissions.While Windows 24H2 introduces a veto mechanism that can block bind-link creations, the researchers described it as only a partial mitigation because it is limited to newer systems, applies only in certain scenarios, and can be bypassed.Instead, they recommended resolving the real backing file rather than trusting process paths, revalidating file identity whenever a file is reopened for hashing or scanning, and enumerating active bind-link mappings to detect silo-scoped abuse.