Black hats go to the bar on Friday night too, you know.
'Crazy bad' bug in Microsoft's Windows malware scanner can be used to install malware
Miscreants can turn the tables on Microsoft and use its own antivirus engine against Windows users – by abusing it to install malware on vulnerable machines. A particularly nasty security flaw exists in Redmond's anti-malware software, which is packaged and marketed in various forms: Windows Defender, Windows Intune Endpoint …
COMMENTS
-
Tuesday 9th May 2017 11:21 GMT TheVogon
"An easy way for attackers to exploit the scanner bug would be to send malicious malware-laden files to a victim as an attachment on an email or instant message, or an automatic download from a webpage, which would be automatically scanned on arrival – and trigger an infection."
Not clear how this would be wormable ? Seems to require user interaction, or a known target - e.g. email address.
-
Tuesday 9th May 2017 14:19 GMT Anonymous Coward
Not clear how this would be wormable ?
From the bug report, it seems anything that can get itself written to the file system could be a vector. So you have a mail or IM client running, it downloads an infected message, which is scanned before you even see it, and you're infected. The nice thing about email or IM as a vector is that every infected target contains a handy list of other potential targets.
-
Tuesday 9th May 2017 18:19 GMT TheVogon
Re: Not clear how this would be wormable ?
"From the bug report, it seems anything that can get itself written to the file system could be a vector. So you have a mail or IM client running, it downloads an infected message,"
But you would still need the right email / IM user name / address?
-
Wednesday 10th May 2017 12:41 GMT TheVogon
Re: Not clear how this would be wormable ?
"Outlook receives an email and writes it to disk before evaluating it"
Outlook only downloads emails for its configured mailboxes on specific email servers. A "worm" would still need to know where to send an email.... So not really wormable it seems.
-
Monday 22nd May 2017 20:40 GMT Kiwi
Re: Not clear how this would be wormable ?
Outlook only downloads emails for its configured mailboxes on specific email servers. A "worm" would still need to know where to send an email.... So not really wormable it seems.
Given the lack of understanding of something as basic as email by one of MS's most virulent shills, is it any wonder their basic approach to security also shows such an incredible lack of understanding?
(But kudos to the team who did get the patch out quickly; MS - that is how it should be done with flaws of this nature!)
#WishIwasreadingthisacoupleofweeksago
-
Tuesday 9th May 2017 09:56 GMT VinceH
Re: Use Windows 10 for the best protection
Well, this time last year I would have answered that question with "from Microsoft"
Because if you were running Windows 10, Microsoft wouldn't have tried foisting Windows 10 on you without permission.
Not sure what the correct answer is now, though!
-
Tuesday 9th May 2017 03:05 GMT Anonymous Coward
So now we can only hope...
Hope that those Windows 7 and 8 users see the need for this update and will also actually update their machines before it gets run over. Problem being that there are still dozens of users out there who no longer trust Microsoft not to try and push Windows 10 down their throats ...again.
And this is only a flaw that we now know of, I'm pretty sure many will follow without hitting the news and without the fix finding its way to the affected machines. Because not updating your Windows 7 or 8 machine is the easiest (and thus best) way for many to ensure they're not force-fed with Windows 10.
Congratulations Microsoft, for making the Internet a much more dangerous place. One step at a time.
-
Tuesday 9th May 2017 04:25 GMT Anonymous Coward
Re: So now we can only hope...
Why doesn't Microsoft honor its responsibility rather than use this as an excuse to force people to move to Windows 10 against their will?
This is yet another problem that was present at time of purchase, if they are not going to fix it then they should refund the user's money and compensate them for their wasted time.
An OS used to be supported for the life of the hardware it ran upon, if there were errors at the time of sale it was expected that they would be fixed free of charge or money returned.
-
Tuesday 9th May 2017 06:33 GMT Steve Davies 3
Re: So now we can only hope...
Don't worry, refuseniks (Windows 7/8/8.1 users) will soon be absorbed into the Borg, then deploying updates like this won't be a problem as all Borg members are connected to the mothership 24/7/52.
With everyone running Windows 10S and connected to MS every minute of the day and night they'll be able to correct, sorry erase problems like this in a flash.
You will be made part of the collective unless... you can escape to the Underworld of Linux or MacOS.
-
Tuesday 9th May 2017 08:29 GMT Anonymous Coward
Re: So now we can only hope...
About 50 years ago, I learned that in linear programming you can only optimize one variable. A similar rule obtains in real life. If you really want to accomplish something you have to make it your top priority and ruthlessly subordinate everything else to it.
The main reason for Microsoft's success has been that it has always observed that rule meticulously. The corporation's top priority, obviously, is maximizing long-term profit. As a result, it has brought in vast amounts of profit down the years.
As a side effect, it has also neglected the interests of users - such as security. Implementing and maintaining good security is not only very expensive and time-consuming; it also militates against almost every other possible parameter of running a software business.
-
Tuesday 9th May 2017 10:10 GMT Cuddles
Re: So now we can only hope...
"Hope that those Windows 7 and 8 users see the need for this update and will also actually update their machines before it gets run over."
From the article:
"It is switched on by default in Windows 8, 8.1, 10, and Windows Server 2012."
I'm not sure why anyone would still be using Windows 8, but those of us still using the last decent version of Windows don't seem to have so much of a problem.
-
Tuesday 9th May 2017 10:39 GMT Tom Paine
Re: So now we can only hope...
"It is switched on by default in Windows 8, 8.1, 10, and Windows Server 2012."
I'm not sure why anyone would still be using Windows 8, but those of us still using the last decent version of Windows don't seem to have so much of a problem.
Eh? Why not?
https://technet.microsoft.com/en-us/library/security/4022344
"Affected software:
[...]
Windows Defender for Windows 7 // Critical // Remote Code Execution"
-
Tuesday 9th May 2017 13:00 GMT Roland6
Re: So now we can only hope...
re: Oh?
Agree, I suspect ShelLuser doesn't actually use Win7 or 8 and so is unaware that since last year MS stopped the Get Windows 10 Free offer and removed it from Windows Update.
Certainly, since then, none of my Win7/8 systems has either flagged the presence of an OS upgrade or offered any inducement to upgrade. However, it did take a little effort and assistance from GWX Control Panel to avoid the forced free upgrade.
-
Tuesday 9th May 2017 05:44 GMT Christian Berger
The funny thing is...
... a large German blog on cyber security and other topics recently asked their readers to send them examples of malware scanners being used to spread malware. Its author was invited to a tour which includes panel sessions with an antivirus vendor....
...so the timing was rather good on this one.
-
Tuesday 9th May 2017 06:03 GMT Anonymous Coward
Meanwhile MS is messing with Windows Update...
Which is showing old IE patches and you don't understand if they've been reissued or not. Looks to be MS obsoleted some updates and broke the 'superseded by' chain.... I wonder who's in charge of updates now, some cousin of Nadella used to run Windows support scams?
-
Tuesday 9th May 2017 06:31 GMT Adam 52
Re: Meanwhile MS is messing with Windows Update...
I'm not sure that the racism implicit in your comment is entirely appropriate. There are plenty of reasons to criticise Nadella's strategy at Microsoft but the implication that just because he was born in India he must be involved with scams originating in India seems low. Unless, of course, you have evidence that one of his cousins is running a support center scam.
-
Wednesday 10th May 2017 00:07 GMT Anonymous Coward
Re: Meanwhile MS is messing with Windows Update...
"<Nadella was doing exactly what he was paid to do.>
Running MS into the ground?"
Microsoft have been trying to move to as a service for years, they got in a guy who did exactly what they wanted him to do. I am sure it would be nice to blame him for everything but the fact is that history is against it.
That he has an Indian name again has nothing to do with it, he was just another MS employee following orders.
-
Tuesday 9th May 2017 12:22 GMT teknopaul
Re: Meanwhile MS is messing with Windows Update...
No, but I know Indians that use the term cousin for first, second and third cousins once, twice or thrice removed, so use it a lot more than other English speakers.
Pretty clear that is what was being referred to, and its use above clearly snide/racist and certainly out of place on this forum.
-