Gone are the days of contemporary endpoint protection anti-malware tools. Last Friday security researchers from Google’s Project Zero announced that they have found a Windows bug, not any bug, but a “Crazy Bug”. A particularly nasty security issue in anti-malware of Redmond, that comes in different forms. The worst Windows remote code exec in recent memory. The vulnerability affects Windows Endpoint protection, Microsoft System Center Endpoint protection, Windows Defender, Sharepoint and more. It gets switched on by default in Windows 8-10.
The hackers disguise the malicious code in the file, and as Microsoft’s scanner looks at your email the notorious code literally tricks the scanner and settles in the system. The moment it hits the system the files gets executed inadvertently and automatically with full administrative privileges. This allows the hacker to take over the machine, and then it goes for the kill.
On Monday, Microsoft rushed to fix the vulnerability in an emergency update and released a patch in its security packages. This upgrade will be fetched automatically and the scanner engine will install it on your machines, and thus in the next two days it will cement the security hole. It looks a bit scary, but the d bottom line is not the extend of damage the bug can do to your device, but it’s to attack on the very nerve center that is supposed to keep your device safe.
The Redmond Security team have come out with a statement “The update addresses a vulnerability that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file,”
The hacker who successfully exploits this vulnerability in the security context will execute the arbitrary code, and take control of the system. Since the Microsoft releases automatic updates for its malware protection, it is assumed that most users will be protected sooner or later, if not already. This serves as a warning for not having an antivirus software on your system that can help you from such attacks.
Malware intelligence analyst feared this vulnerability and after the release of the latest patch they remain alert as it would remain unpatched for some more weeks and months. They sought Microsoft’s response to share the next schedule for the fixes, so that IT admins could plan their down times and update cycles accordingly.
“Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible. We recommend customers use Windows 10 and the Microsoft Edge browser for the best protection.” said, Microsoft spokespeople.
It’s a scary world out there, and antivirus generally helps make it less so. To do its job correctly, though, it needs unprecedented access to your computer—meaning that if it falters, it can take your entire system down with it.
Earlier Analyst at Project Zero has twice issued a warning viz-a-viz a Windows bug, which could prove to be wreaking havoc. This statement comes after Microsoft failed to deliver the fixes within a timeline of 90-days. The experts had a contrary thinking and felt that analyst were baiting them into their game, and accusing them of being reckless and creating panic among IT manager and normal workers across the word. Post Crazy bad experts are of the opinion that ‘against the contemporary the advanced endpoint security software goes beyond proactive monitoring and protection.
The quick response from Microsoft was appreciated. “So, basically, jog on, nerds. But as it turns out Microsoft was faster off the ball than expected. “Still blown away at how quickly Microsoft Security responded to protect users,” said Ormandy on Monday. “I can’t give enough kudos.
Hope this isn’t going to happen again. If we take into account how bad the bug is, the last thing we see is malicious hackers get their hands on the data before Microsoft comes out with an updated patch.