'Crazy bad' bug in Microsoft's Windows malware scanner can be used to install malware

Miscreants can turn the tables on Microsoft and use its own antivirus engine against Windows users – by abusing it to install malware on vulnerable machines. A particularly nasty security flaw exists in Redmond's anti-malware software, which is packaged and marketed in various forms: Windows Defender, Windows Intune Endpoint …


    1. uncommon_sense
      Windows

      Round And Round We Go...

      <...latest update closes the issue.>

      Until the next time.

      With the new patching system it is assured that new bugs are delivered together with patches for the old ones. The circus continues...

  1. Anonymous Coward
    Anonymous Coward

    Too true

    "Over the years we've seen multiple examples of organizations getting word of flaws and dragging their feet for months, or even years, before fixing issues that malware developers may already have spotted."

    <Cough> 5 years Google docs flaw</cough>

    1. RyokuMas
      Facepalm

      Re: Too true

      "<Cough> 5 years Google docs flaw</cough>"

      Won't stop the usual knee-jerk though.

      1. dlc.usa
        Facepalm

        Re: Too true

        <cough>Intel AMT authentication</cough> (if you believe SemiAccurate)

    2. Planty Bronze badge
      FAIL

      Re: Too true

      fixed and deployed in 1hr....

  2. poohbear

    Words fail me. How does a program designed to READ data decide to execute it?

    1. joeldillon

      I suggest you google 'buffer overflow'.

      1. Boris the Cockroach Silver badge

        What?

        Surely you're shitting us with a buffer overflow bug?

        after all the times winxp/vista/win7 got patched/owned because of buffer overflow bugs?

        1. Anonymous Coward
          Anonymous Coward

          Re: What?

          "after all the times winxp/vista/win7 got patched/owned because of buffer overflow bugs"

          After all the times INSERT ANY OS OR COMMON APP NAME HERE got patched/owned because of buffer overflow bugs

          TFTFY.

  3. knottedhandkerchief

    "Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible."

    Reactively, Shirley?

    1. Chika

      "Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible."

      Reactively, Shirley?

      Of course. And don't call me... (Bloody Kentucky Fried Theatre!)

      "We recommend customers use Windows 10 and the Microsoft Edge browser for the best protection."

      We also recommend that we never miss an opportunity to plug our latest shitware.

  4. Anonymous Coward
    Anonymous Coward

    This Insane^w Inane Example Will Blow Your Mind

    "Crazy Bad"

    Christ, I hate "everyday bombast meets let's-convert-adverbs-to-adjectives" millennial speak.

    1. Anonymous Coward
      Anonymous Coward

      Re: This Insane^w Inane Example Will Blow Your Mind

      WUD U PREFR KITTEH SPEEK?

      WE NED KITTEH ICON!

  5. adam payne

    "It is possible for hackers to craft files that are booby-trapped with malicious code, and this nasty payload is executed inadvertently and automatically by the scanner while inspecting the data. The injected code runs with administrative privileges, allowing it to gain full control of the system, install spyware, steal files, and so on."

    A malware scanner that executes code and infects the machine. Oh you couldn't make this up.

    1. patrickstar

      All "antivirus software" has vulnerabilities like this one... And they tend to run with very high privileges, too. Really great concept, or not.

    2. CrazyOldCatMan Silver badge

      A malware scanner that executes code and infects the machine. Oh you couldn't make this up.

      Which was pretty much my reaction..

      Reading more - it seems that there is a language interpreter (akin to JavaScript) called NScript included in the anti-malware suite and it's that that can be compromised. Which is a whole other Set of Fail..

      1. GrapeBunch
        Windows

        Diet of Write-Only Random Memories

        "Mommy, can I get syphilis from reading porn?" "Yes, Billy."

    3. Anonymous Coward
      Anonymous Coward

      Francis Aloysius Xavier Murphy, at your service sor

      "Oh you couldn't make this up".

      Au contraire, it's merely a basic example of Murphy's Law at work. That kind of thing should be extremely familiar from the first week of Engineering 101.

  6. Anonymous Coward
    Anonymous Coward

    Micro$haft RearEnder more like.

  7. Anonymous Coward
    Anonymous Coward

    And yet ..

    .. people keep using Windows.

    1. uncommon_sense
      Holmes

      Re: And yet ..

      As long as much stuff only works on Windows, yes, since Adults need to Get Work Done. You may or may not be familiar with the concept..

      Try running a pile of lab gear on WankOS..!

  8. dm_dv
    Devil

    Re: Windows 10 for the best protection!

    Microsoft doesn't really seem to get its own OS, there used to be alternatives, until they forced people to buy a shoddy product, because let's face it, Microsoft is all about "Revenue" in ads and they still include "Bugs" in Windows, especially MSDOS. You can read about it on the Russian site called Multi-Boot.ru where you may also download a copy of MSDOS 8.0

    The Chinese came along with MSDOS 7.0

    The Free Software alternative FreeDOS provides even more fixes to what some people would call the malicious and deliberate error that people know as Windows!

    http://unix.derkeiler.com/Mailing-Lists/FreeBSD/hackers/2008-04/msg00071.html

  9. dm_dv
    Angel

    Loving the News.

    I'm kinda loving the news that the government managed to single-handedly piss off nearly every single computer security guru and expert on the planet and they attacked the single source of their revenue streams by attempting to "hack" into their own systems as maintained by DARPA!

    Why would anyone do that?

    That would be: Stupid

  10. dm_dv
    Linux

    Re: Windows 10 for the best protection

    Gnu/Linux can disable all of its active services and open channels for communication, using TCP/IPSec Layers and Kerberos for strong authentication oh and it has the capability of turning invisible.

    What's Windows 10's super power?

  11. Anonymous Coward
    Anonymous Coward

    "Crazy Bad" Just Seems So Judgemental

    What kind of behavior do you expect from a bug if you go hanging labels like that on it?

    We all tend to live up - or down - to expectations.

  12. Solly
    Facepalm

    Hmmm

    Surely you could flood it with possible usernames with a zero byte password to establish which usernames had valid accounts, and then step one byte at a time revealing the passwords...

  13. Howard Hanek
    Happy

    False Premise

    ....that 'Windows Defender' protects the customer. It protects Microsoft.

  14. Version 1.0 Silver badge

    I think I just found one of these

    I was looking at a Win 7 PC this morning that was exhibiting a lot of network activity but otherwise was hardly used - the user reported that it had been updating just fine and regularly reported that it had been updated every week. But I completely failed to do a manual update and looking at the history the only thing that has been updated for a couple of months has been the Microsoft Security Essentials - at least that's what it "said" (MRD applies).

    The machine had no mail access and very little browsing activity - I've just nuked it - factory reset with no restore.
