Klaus

DoubleAgent

Thu, 30 Mar 2017 10:33:51 +0200
Cute, but a 15-year-old design feature is not what I would call a zero-day.

DoubleAgent: Zero-Day Code Injection and Persistence Technique
We’d like to introduce a new Zero-Day technique for injecting code and maintaining persistency on a machine (i.e. auto-run) dubbed DoubleAgent.

DoubleAgent can exploit:

Every Windows version (Windows XP to Windows 10)

Every Windows architecture (x86 and x64)

Every Windows user (SYSTEM/Admin/etc.)

Every target process, including privileged processes (OS/Antivirus/etc.)

DoubleAgent exploits a 15-year-old legitimate feature of Windows and therefore cannot be patched.

Mitigation
Microsoft has provided a new design concept for antivirus vendors called Protected Processes
...
Currently no antivirus (except Windows Defender) has implemented this design, even though Microsoft made it available more than 3 years ago.
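The "Protected Processes" mitigation mentioned above can be checked from the defender's side: a process running as a Protected Process or Protected Process Light (PPL) exposes its protection level through the Windows process-information interface, and an antivirus engine that has adopted the design shows up with the Antimalware signer. The script below is an added example, not code from the mailing-list post or from the DoubleAgent write-up. It decodes the one-byte PS_PROTECTION value (type in bits 0-2, audit in bit 3, signer in bits 4-7) and, on Windows, queries it for a live PID via NtQueryInformationProcess with the ProcessProtectionInformation class; the process names and protection bytes in the demo table are constructed sample data, not measurements of any real product.

```python
"""Audit whether processes run under the Protected Processes (PP/PPL) design.

Added example; not from the post or the DoubleAgent write-up. The bit layout
of PS_PROTECTION and the ProcessProtectionInformation class value (61) come
from the public NT process-information interface. The demo table at the
bottom is constructed sample data.
"""
import ctypes
import sys

PROCESS_PROTECTION_INFORMATION = 61       # ProcessProtectionInformation class
PROCESS_QUERY_LIMITED_INFORMATION = 0x1000

# PS_PROTECTION.Level: Type (bits 0-2), Audit (bit 3), Signer (bits 4-7)
PROTECTED_TYPES = {0: "None", 1: "ProtectedLight", 2: "Protected"}
PROTECTED_SIGNERS = {
    0: "None", 1: "Authenticode", 2: "CodeGen", 3: "Antimalware",
    4: "Lsa", 5: "Windows", 6: "WinTcb", 7: "WinSystem", 8: "App",
}


def decode_protection(level: int) -> dict:
    """Split a PS_PROTECTION.Level byte into its type, audit and signer fields."""
    ptype = level & 0x7
    audit = bool(level & 0x8)
    signer = (level >> 4) & 0xF
    return {
        "type": PROTECTED_TYPES.get(ptype, f"Unknown({ptype})"),
        "audit": audit,
        "signer": PROTECTED_SIGNERS.get(signer, f"Unknown({signer})"),
    }


def is_antimalware_protected(level: int) -> bool:
    """True when the process is PP or PPL under the Antimalware signer,
    i.e. it has adopted the Protected Processes design for AV engines."""
    info = decode_protection(level)
    return info["type"] != "None" and info["signer"] == "Antimalware"


def query_protection_level(pid: int) -> int:
    """Read the live PS_PROTECTION byte for a PID (Windows only).

    PROCESS_QUERY_LIMITED_INFORMATION is enough to open even a protected
    process, which is what makes this usable as an audit from outside.
    """
    if sys.platform != "win32":
        raise OSError("process protection query is Windows-only")
    kernel32 = ctypes.windll.kernel32
    ntdll = ctypes.windll.ntdll
    handle = kernel32.OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, False, pid)
    if not handle:
        raise ctypes.WinError()
    try:
        level = ctypes.c_ubyte(0)
        status = ntdll.NtQueryInformationProcess(
            handle, PROCESS_PROTECTION_INFORMATION,
            ctypes.byref(level), ctypes.sizeof(level), None)
        if status != 0:
            raise OSError(f"NtQueryInformationProcess failed: 0x{status & 0xFFFFFFFF:08x}")
        return level.value
    finally:
        kernel32.CloseHandle(handle)


def unprotected_av_engines(av_processes: dict) -> list:
    """Given {name: PS_PROTECTION byte} for processes claiming to be AV engines,
    return the names that are NOT running as Antimalware PP/PPL."""
    return sorted(name for name, lvl in av_processes.items()
                  if not is_antimalware_protected(lvl))


# Constructed sample data (not real measurements): an engine that adopted PPL
# with the Antimalware signer, one running as an ordinary process, and a
# system process protected under a different signer for comparison.
SAMPLE_PROCESSES = {
    "sample_av_ppl.exe": 0x31,    # ProtectedLight, signer Antimalware
    "sample_av_plain.exe": 0x00,  # no protection at all
    "sample_system.exe": 0x61,    # ProtectedLight, signer WinTcb
}

if __name__ == "__main__":
    for name, lvl in SAMPLE_PROCESSES.items():
        print(f"{name:22} {decode_protection(lvl)}")
    print("AV engines without Antimalware PPL:", unprotected_av_engines(SAMPLE_PROCESSES))
```

On a real host, replace the sample table with `query_protection_level(pid)` results for the AV vendor's service processes; an engine reporting type `None` is exactly the kind of unprotected privileged target the post describes, whereas one reporting `ProtectedLight`/`Antimalware` has taken the mitigation Microsoft offers.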