Tuesday, 09 May 2017 09:01

Microsoft fixes remote Windows flaw found by Google


Microsoft has released a patch to fix a nasty hole in the Windows malware scanner which is present on many versions of Windows, including Windows 10.

Researchers at Google's Project Zero said earlier they had discovered a "crazy, bad" remotely exploitable vulnerability in Windows.

Researcher Tavis Ormandy claimed he and his colleague Natalie Silvanovich had "discovered the worst Windows remote code exec in recent memory. This is crazy bad. Report on the way".

The flaw is present in all the various avatars under which Microsoft markets its malware protection engine: Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, Microsoft System Center Endpoint Protection, Microsoft Forefront Security for SharePoint, Microsoft Endpoint Protection, and Microsoft Forefront Endpoint Protection.

Ormandy's first announcement, on Twitter, did not go into detail but he later released the full details of the flaw.

Specially crafted files can install malware while the Windows malware scanner is examining them. Because the scanner runs with administrative privileges, code delivered this way has carte blanche to do what it likes on the system.

"There are many ways that an attacker could place a specially crafted file in a location that is scanned by the Microsoft Malware Protection Engine," Microsoft said in its advisory.

"For example, an attacker could use a website to deliver a specially crafted file to the victim's system that is scanned when the website is viewed by the user. An attacker could also deliver a specially crafted file via an email message or in an Instant Messenger message that is scanned when the file is opened.

"In addition, an attacker could take advantage of websites that accept or host user-provided content, to upload a specially crafted file to a shared location that is scanned by the Malware Protection Engine running on the hosting server."

Project Zero researchers wait for 90 days after they inform the company responsible about a bug before they make the details public.

This is not the first time that Google's Project Zero has found dangerous bugs in Windows; a remotely exploitable bug in Internet Explorer 11 was revealed in February.

A second bug, in the Windows graphics device interface library, was disclosed the same month after Microsoft put off issuing its monthly security updates.



Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.


