'Crazy bad' bug in Microsoft's Windows malware scanner can be used to install malware

Pint

Black hats go to the bar on Friday night too, you know.

7
0
Silver badge

"Black hats go to the bar on Friday night too, you know."
There you go! And I thought they were called to the bar ;-)

11
0

You called, m'Lud?

Lawyers are called to the bar. Lowlifes are placed at the bar. Sometimes you can tell the difference.

11
0
Silver badge

"An easy way for attackers to exploit the scanner bug would be to send malicious malware-laden files to a victim as an attachment on an email or instant message, or an automatic download from a webpage, which would be automatically scanned on arrival – and trigger an infection."

Not clear how this would be wormable? Seems to require user interaction, or a known target, e.g. an email address.

1
4
Anonymous Coward

Not clear how this would be wormable ?

From the bug report, it seems anything that can get itself written to the file system could be a vector. So you have a mail or IM client running, it downloads an infected message, which is scanned before you even see it, and you're infected. The nice thing about email or IM as a vector is that every infected target contains a handy list of other potential targets.

5
0
Silver badge

Re: Not clear how this would be wormable ?

"From the bug report, it seems anything that can get itself written to the file system could be a vector. So you have a mail or IM client running, it downloads an infected message,"

But you would still need the right email / IM user name / address?

1
4
Silver badge

Re: Not clear how this would be wormable ?

Outlook receives an email and writes it to disk before evaluating it. It is the disk write itself that triggers the scan that parses the JavaScript in a System process by an unrelated system.

1
1
Anonymous Coward

Re: Not clear how this would be wormable ?

"But you would still need the right email / IM user name / address?"

Yes. As long as you've never given your email or IM address to anyone else, you should be safe.

3
1
Silver badge

Re: Not clear how this would be wormable ?

"Outlook receives an email and writes it to disk before evaluating it"

Outlook only downloads emails for its configured mailboxes on specific email servers. A "worm" would still need to know where to send an email. So not really wormable, it seems.

0
4
Anonymous Coward

Re: Not clear how this would be wormable ?

"Yes. As long as you've never given your email or IM address to anyone else, you should be safe."

Sure, but you have to be targeted from source data. It's not possible to create an infect-everything worm like, say, Slapper.

1
0
Silver badge
WTF?

Re: Not clear how this would be wormable ?

"Outlook only downloads emails for its configured mailboxes on specific email servers. A "worm" would still need to know where to send an email. So not really wormable, it seems."

Given the lack of understanding of something as basic as email by one of MS's most virulent shills, is it any wonder their basic approach to security also shows such an incredible lack of understanding?

(But kudos to the team who did get the patch out quickly; MS - that is how it should be done with flaws of this nature!)

#WishIwasreadingthisacoupleofweeksago

0
0
Anonymous Coward

Well if it gets wormed, hopefully a) it will be after an in cycle patch is released, and b) someone will get it to wipe the disks on all the still connected unsupported Windows OS versions out there that are no longer patched, and should have been upgraded years ago...

3
8
Bronze badge
FAIL

"Use Windows 10" is not a solution; it's more lame horseshit from Microsoft trying to force people to use something they don't want.

Windows10 is just as vulnerable as everything else. The scanner executes executables rather than scanning executables...

13
2
Silver badge
Paris Hilton

Use Windows 10 for the best protection

From whom?

46
0
Silver badge

Re: Use Windows 10 for the best protection

Well, this time last year I would have answered that question with "from Microsoft"

Because if you were running Windows 10, Microsoft wouldn't have tried foisting Windows 10 on you without permission.

Not sure what the correct answer is now, though!

8
1
Silver badge

Re: Use Windows 10 for the best protection

Sting vest condom - lightly ribbed for greater pain.

3
1
Bronze badge

Re: Use Windows 10 for the best protection

Nothing says "I love you" better than the new Windows On-Off Condom. Now with nettles. It's organic.

1
0
Bronze badge

Re: Use Windows 10 for the best protection

"Not sure what the correct answer is now, though!"

The correct answer is 'Mostly, Windows 10 protects you from Mostly'.

No, I don't know what it means either...

1
0
Anonymous Coward

Re: Use Windows 10 for the best protection

Not sure what the correct answer is now, though!

Avoiding it like the proverbial plague it is?

1
0
Silver badge
Windows

So now we can only hope...

Hope that those Windows 7 and 8 users see the need for this update and will also actually update their machines before it gets run over. Problem being that there are still dozens of users out there who no longer trust Microsoft not to try and push Windows 10 down their throats ...again.

And this is only a flaw that we now know of; I'm pretty sure many will follow without hitting the news and without the fix finding its way to the affected machines. Because not updating your Windows 7 or 8 machine is the easiest (and thus best) way for many to ensure they're not force-fed Windows 10.

Congratulations Microsoft, for making the Internet a much more dangerous place. One step at a time.

24
6
Silver badge

Re: So now we can only hope...

"there are still dozens of users out there who no longer trust Microsoft"
Consequently they should be more likely to use better anti-malware than Security Essentials or whatever its title of the week is.

10
2
Anonymous Coward

Re: So now we can only hope...

Why doesn't Microsoft honor its responsibility rather than use this as an excuse to force people to move to Windows 10 against their will?

This is yet another problem that was present at time of purchase; if they are not going to fix it, then they should refund the users' money and compensate them for their wasted time.

An OS used to be supported for the life of the hardware it ran upon; if there were errors at the time of sale, it was expected that they would be fixed free of charge or the money returned.

13
5
Silver badge
Terminator

Re: So now we can only hope...

Don't worry, refuseniks (Windows 7/8/8.1 users) will soon be absorbed into the Borg; then deploying updates like this won't be a problem, as all Borg members are connected to the mothership 24/7/52.

With everyone running Windows 10S and connected to MS every minute of the day and night, they'll be able to correct, sorry, erase problems like this in a flash.

You will be made part of the collective unless... you can escape to the Underworld of Linux or MacOS.

10
5
Silver badge

Re: So now we can only hope...

About 50 years ago, I learned that in linear programming you can only optimize one variable. A similar rule obtains in real life. If you really want to accomplish something you have to make it your top priority and ruthlessly subordinate everything else to it.

The main reason for Microsoft's success has been that it has always observed that rule meticulously. The corporation's top priority, obviously, is maximizing long-term profit. As a result, it has brought in vast amounts of profit down the years.

As a side effect, it has also neglected the interests of users - such as security. Implementing and maintaining good security is not only very expensive and time-consuming; it also militates against almost every other possible parameter of running a software business.

19
1
Silver badge

Re: So now we can only hope...

"... they should be more likely to use better anti-malware than Security Essentials or whatever its title of the week is".

Er, such as?

5
1
Silver badge

Re: So now we can only hope...

"Hope that those Windows 7 and 8 users see the need for this update and will also actually update their machines before it gets run over."

From the article:

"It is switched on by default in Windows 8, 8.1, 10, and Windows Server 2012."

I'm not sure why anyone would still be using Windows 8, but those of us still using the last decent version of Windows don't seem to have so much of a problem.

5
0
Silver badge

Re: So now we can only hope...

If you read the bug report you'll see that turning "Windows Defender" off doesn't save you.

https://bugs.chromium.org/p/project-zero/issues/detail?id=1252&desc=5

2
0
Silver badge

Re: So now we can only hope...

Except that if you'd bothered to read the piece you're commenting on, you'd see it updates itself automatically and independently from Windows Update.

1
0
Silver badge

Re: So now we can only hope...

"It is switched on by default in Windows 8, 8.1, 10, and Windows Server 2012."

I'm not sure why anyone would still be using Windows 8, but those of us still using the last decent version of Windows don't seem to have so much of a problem.

Eh? Why not?

https://technet.microsoft.com/en-us/library/security/4022344

"Affected software:

[...]

Windows Defender for Windows 7 // Critical // Remote Code Execution

0
0
Silver badge
Facepalm

Re: So now we can only hope... @PG

"there are still dozens of users out there who no longer trust Microsoft"

"there are still up to a dozen users out there who still trust Microsoft"

FIFY

11
3
Silver badge
Linux

Re: So now we can only hope...

Because not updating your Windows 7 or 8 machine is the easiest (and thus best) way for many to ensure they're not force-fed Windows 10.

Oh?

4
0
Silver badge

Re: So now we can only hope...

re: Oh?

Agree, I suspect ShelLuser doesn't actually use Win7 or 8 and so is unaware that since last year MS stopped the Get Windows 10 Free offer and removed it from Windows Update.

Certainly, since then, none of my Win7/8 systems has either flagged the presence of an OS upgrade or offered any inducement to upgrade. However, it did take a little effort and assistance from GWX Control Panel to avoid the forced free upgrade.

2
0
Silver badge
Alert

Re: So now we can only hope...

Er, such as?
Avast!, Avira, AVG, Comodo, ClamAV ... basically anything that isn't MS Security Essentials, McAfee (the software), or Norton.

"Better than Security Essentials" is a fairly low bar to trip over.

4
3
Silver badge

there are still dozens of users out there who no longer trust Microsoft

Dozens? Surely you exaggerate?

1
0
Silver badge

Shocked! Shocked, I say!

Who could have imagined?

9
2
Silver badge

The funny thing is...

... a large German blog on cyber security and other topics recently asked its readers to send them examples of malware scanners being used to spread malware. Its author was invited to a tour which includes panel sessions with an antivirus vendor....

...so the timing was rather good on this one.

1
0
Silver badge

Malware using the anti-virus engine to spread. CIH, anyone? That thing infected each and every file on your drive when your anti-virus scanned the files.

https://en.wikipedia.org/wiki/CIH_(computer_virus)

9
0
LDS
Silver badge

Meanwhile MS is messing with Windows Update...

Which is showing old IE patches, and you don't understand if they've been reissued or not. Looks like MS obsoleted some updates and broke the 'superseded by' chain.... I wonder who's in charge of updates now, some cousin of Nadella who used to run Windows support scams?

9
10
Silver badge

Re: Meanwhile MS is messing with Windows Update...

I'm not sure that the racism implicit in your comment is entirely appropriate. There are plenty of reasons to criticise Nadella's strategy at Microsoft but the implication that just because he was born in India he must be involved with scams originating in India seems low. Unless, of course, you have evidence that one of his cousins is running a support center scam.

10
16
Anonymous Coward

Re: Meanwhile MS is messing with Windows Update...

Er no Adam, you are the one who mentioned India and I am fairly certain everyone agrees that Nadella was doing exactly what he was paid to do.

11
8
Silver badge

Re: Meanwhile MS is messing with Windows Update...

Are Indians then the only people who have cousins? If so, why was I not told before?

10
2

Re: Meanwhile MS is messing with Windows Update...

No, but I know Indians that use the term cousin for first, second and third cousins once, twice or thrice removed, so use it a lot more than other English speakers.

Pretty clear that is what was being referred to, and its use above is clearly snide/racist and certainly out of place on this forum.

2
11
WTF?

Re: Meanwhile MS is messing with Windows Update...

<Nadella was doing exactly what he was paid to do.>

Running MS into the ground?

Are you saying that Apple is paying him?

0
0
Anonymous Coward

Re: Meanwhile MS is messing with Windows Update...

"<Nadella was doing exactly what he was paid to do.>

Running MS into the ground? "

Microsoft have been trying to move to "as a service" for years; they got in a guy who did exactly what they wanted him to do. I am sure it would be nice to blame him for everything, but the fact is that history is against it.

That he has an Indian name again has nothing to do with it; he was just another MS employee following orders.

0
0
LDS
Silver badge

"you have evidence that one of his cousins is running a support center scam"

Given the way MS had tried to install Windows 10 on the machines of unsuspecting users, I'd say that's highly probable. Same modus operandi.

10
3
Bronze badge
Windows

Plus ça change...

"If a tweet is causing panic or confusion in your organization, the problem isn't the tweet, the problem is your o/s"

FTFY Natalie.

Where's the Trump icon for tweet related posts?

Never mind, this Trump voter icon will have to do...

12
6
Bronze badge
Pint

Re: Plus ça change...

By the power vested in me by nobody, as Queen of Canada, I now pronounce you Admiral Badmouth. Kindly get your bad mouth around this India Pale Ale.

2
3
Silver badge
Linux

No chance here :(

My only Windows installation (Win8) stubbornly refuses to download the 1.8GB of updates it advises. Fortunately for me, I never use it.

6
4
Silver badge

It's been patched and rolled out.

...latest update closes the issue.

2
3
Linux

Re: It's been patched and rolled out.

It might fix that one, but there will be plenty more where that came from!

2
1

The Register - Independent news and views for the tech community. Part of Situation Publishing