Doing Business | IT & Technologies

May 09, 2017

Google: Microsoft's Windows Security Could Be Hacked With One Unopened Email

As bad flaws go, this one was particularly nasty. Google found a flaw in a security tool used in all modern Windows systems, known as the Microsoft Malware Protection Engine, that allowed total remote control over a vulnerable PC by just sending an email.

It didn't even need opening, just for it to be sent to the Windows machine was enough for the hack to work, Google Project Zero researchers Natalie Silvanovich and Tavis Ormandy reported today.

Ormandy had already described the bug as "crazy bad" and "the worst [of its kind] in recent memory." In a full technical description of the bug, he wrote: "Vulnerabilities in MsMpEng [Microsoft Malware Protection Engine] are among the most severe possible in Windows, due to the privilege, accessibility, and ubiquity of the service."

Fortunately, Microsoft has rushed out a patch and all PCs running the vulnerable tool should receive an update today. "If the affected antimalware software has real-time protection turned on, the Microsoft Malware Protection Engine will scan files automatically, leading to exploitation of the vulnerability when the specially crafted file scanned," the company wrote in its advisory. "If real-time scanning is not enabled, the attacker would need to wait until a scheduled scan occurs in order for the vulnerability to be exploited. All systems running an affected version of antimalware software are primarily at risk.

"The update addresses the vulnerability by correcting the manner in which the Microsoft Malware Protection Engine scans specially crafted files."

Microsoft said the update should download automatically and users need not download anything. They can check they received the patch by following the instructions in the company's advisory.

What's the bug?

The issue lay in NScript - a component of Microsoft Malware Protection Engine that analyzes filesystems and network activity that looks like JavaScript. In parsing code, NScript didn't properly validate what information it was running, in what's known as a "type confusion" bug. An attacker was therefore able to hide malicious code in anything scanned by software, such as an incoming email or files served by a website. The vulnerability could be exploited on unpatched Windows 8, 8.1, 10 and Windows Server systems.

Ormandy noted that "there is no practical way to identify an exploit at the network level, and administrators should patch as soon as is practically possible."

"It looks fairly severe," added co-founder of Hacker House Matthew Hickey. "The [proof-of-concept hack] demonstrates remote code execution capability in various scenarios: you could exploit a system by uploading a file to [a] web server or sending an email to a Microsoft desktop. The malware protection service is enabled by default in Windows 8 and up. It's a very critical bug.

"It seems this malware protection service might be an Achilles heel in Microsoft security model and system owners should consider disabling it."

Despite the severity, Microsoft is receiving praise for how quickly it dealt with the bug, proving the value of the disclosure process...

Still blown away at how quickly @msftsecurity responded to protect users, can't give enough kudos. Amazing.

— Tavis Ormandy (@taviso) May 9, 2017

 

Text by Forbes
 

Tags Cloud

20102011accaaccidentaccidentsADSUadvertisingafghanistanAfrAsiaafricaagalegaagreementagricultureagroAIairair asiaair australAir Franceair madagascarair mauritiusairasiaAirlinesairportairway coffeeAlbionalgeriaalibabaalteoAlvaro SobrinhoamazonAmeenah Gurib-FakimAMLandroidApollo BramwellappappleappointmentsappsaquaculturearrestasiaATOauditaudit reportaustraliaaustriaaviationawardawardsAxcel ChenneyBABagatelleBagatelle DamBAIBangladeshbankBank OnebankingbanksbarclaysbeachbeachesBeau Bassin-Rose HillbeautybeerBelgiumBelle-MareBelle-RiveBet365betamaxbettingBharat Telecombig databitcoinblue economyBlue-BayBOIboko haramBollywoodBOMbombingbookbookmakerbossBotswanabpmlBPOBramer BankbrazilbrexitBritish AirwaysbudgetbuildingbusesBusinessbusiness trendsCabinetcall centresCanadacanecareercareer tipscargocarnivalcasinoCCIDCCMCCTVCEBcelebretiescelebritiescementChagoscharityCharlie HebdoCHCchilechinachromeCIELcigarettesCim FinancecinemaclashesCMTcomorosconcertconferenceCongoconstitutional amendmentconstructioncontestcontestscontractcooperationcorruptioncounterfeitcoupCourtCourtsCPBCPEcreativitycreditscrisiscruise shipsCSOCT PowerCultureCurepipecustomercustomerscustomsCVCWAcyclingcyclonedamDawood RawatdayDBMdeficitdenguedeportationdevelopmentDiego GarciadivalidoctorsdodoDomaine les PaillesDonald TrumpDPPdrug traffickingdrugsDTAADubaiDuty Freee-commercee-servicesearthquakeebeneebolaecoecologyeconomiceconomicseconomyEducationeducation abroadeducation reformEEZEgyptEIILMelectionselectoral reformelectricityelon muskembassyEmiratesemirates airlinesEmtelenergyENLentrepreneurshipEOCEUEuroEuropeeventeventsexamexaminationexamsexpoexportfacebookfairFalcqfarmersfarmingfashionfast foodfbiFDIfeefeesferryfestivalFievre AphteuseFIFAFIFA World CupFilm Rebate SchemefilmingfilmsfinancefinancesfinancingFirefishfishingFIUFlacqFlic-en-FlacFloodsflourfoodFootballforecastforeign workersForumFrancefraudfruitfruitsFSCFTAfuelfunnyGAARgabongadgetsgalaxygalaxy notegamblinggame of thronesgamesgasgazaGDPGermanyghanaGlobal BusinessgolfGoodlandsgoogleGorah Issac casegovernmentGRAGrand Baygrand-baiegreecegreengreen energygrippeGTUH1N1hackershajjhamashappinessHawaiihawkershealthhealthcareHeritage Cityhi-techhighlandshistoryHolcimholidaysHong Konghorse racingHospitalhotelhotel businesshotelshowhow toHRHRDCHSBCHSCHSC ProhtchungaryhuntingHusein Abdool RahimIBAIBLICACICTICTAID cardiframacillegal fishingillegal migrationillegal workersIMFimportindiaIndian OceanIndian Ocean Island GamesIndonesiainflationinfluenzaInfographicsinfrastructureinnovationinnovationsinsuranceinterest rateinternetinterpolInterviewinterview tipsinvestinginvestmentinvestmentsIOCIORECiosiPadiphoneIPOiraniraqirelandIRSISISislamicisraelITItalyjapanJellyfishJewelleryJin FeijobjobsjockeyjournalismJulian AssangeKailash TrilochunKenyakitesurfingKPMGkreolla buttelabourLafargelandlandslidelawlawslayoffsLe MorneleadershipleakLepeplexpressliberiaLibyalifeloanloanslocal governmentlogisticslotteryLottotechLRTLufthansalycheeMadagascarmade in morismalariamalaysiamalaysia airlinesMaldivesMalimallmanagementmanagement tipsmanufacturingmarketmarketingmarketsMauBankMauritiansmauritiusMBCMCBMCCIMDFPMeatmeccamediaMedical CouncilMedical tourismmedicamentsmedicineMedineMedPointmeetingMEFMegh PillayMESMetro ExpressMEXAmexicoMFAMGIMHCmichaela harte caseMicrosoftMIDMidlandsMIEmigrationmigration crisisminimum salaryminimum wagemiss mauritiusmistakesMITDmlMMMmobilemobile phonesMokamoneymoney launderingmonkeyMont-ChoisyMoody’sMoroccomotivationmoviesMozambiqueMPAMPCMPCBMPLMQAMRAMSBMSCMSMMTMTCMTPAMusicMV BenitaNad SivaramenNaïadeNamibiaNandanee SoornackNarendra ModinasanatureNavin RamgoolamNavind KistnahNCBNCGNDUNECnefNegative Income TaxNelson MandelaNeotownNepalnetherlandsnetworkingNew Mauritius Hotelsnew zealandNGONHDCNICNICHLNigerianight clubsNitin Chinien caseNobel Prizenokianorth koreaNRBNTANTCNWCCoceanocean economyofofficialsoffshoreoilOlympic GamesOmega ArkOmnicaneoniononlineopinionOppositionorangeoscaroscar pistoriusOUMoutsourcingPakistanpalestinePamplemoussesPanama Paperspandit sungkurParadise PapersparliamentPaul BérengerpensionpensionspeoplePhilippinesPhoenix Beveragesphonespicture of the daypillspiracyplagueplanPlanet Earth InstitutePMPMOpmsdPNQpokerpolicepoliticspollutionPonzi SchemeportPort LouisPort-LouispostPovertyPRPravind JugnauthPRBpresentationpresentation tipspresidentpricepricesprisonproblemprofitprojectprojectsprostitutionprotestspsacPSCpsychologyPTRpublic servicepwcQatarquatre-bornesquotesrainsRajindraparsad SeechurnRakesh GooljauryransomwareratesratingratingsRavi Yerrigadooreal estaterecallsreformreformsrefugeesreligionrepo ratereportRESRésidence Barklyrestaurantrestaurantsresultresultsresumeresume tipsretailReunionrevenuericeRiche-TerreriseRiviere-du-RempartRiviere-Noireroadsroche-boisRoches-Noires caseRodriguesRogersRose-HillrosewoodRoshi BhadainRum and SugarRundheersing BheenickrupeeRussiaRwandasafetySAJsalariessalarysalesalessales tipssamsungsanctionssaudi arabiaSBIsbmSCscamscandalSCBGscholarshipscholarshipsSchoolschoolsscienceseasecuritySEMSEMDEXSenegalSeychellesShakeel MohamedShanghaisharksshootingshoppingshopping fiestashopping mallshopping mallsshowShowkutally SoodhunSICsicomSierra LeonesingaporeSITskillssmall businesssmart citysmartphonesSMeSMEDAsmmsnapchatSobrinho casesocialsocial mediasocial networks & messengerssoftwaresolar energySomaliasonysouthsouth africaSouth China Seasouth koreasouth sudanspainsponsorshipsportSportsSquatterssri lankaSSRStar KnitwearstartupsstatisticsstatsSTCstockstock marketstocksstrategystreet vendorsStressstrikestudystudy abroadstylesuccesssuccess storysugarsugar canesummitSun ResortsSun Tan caseSunkai caseSunnystarssurveySwanSwedenSwitzerlandsyriaTAtabletsTaiwanTanzaniataxtax fraudtax heaventaxesTbillsteaTeachersteamTECtechnologytelecomtendersterrorismtertiarytextilethailandthethefttimetime managementtipstototaltourismtoystradetrade feetradingtrainingstransporttraveltrendsTrioletTripAdvisorTrou-aux-BichestsunamitunaTunisiaTurfTurkeyturkish airlinesTVtwittertyphoonUdMUgandaukukraineununemploymentunionsuniverseuniversityuomUSUTMvacanciesVacoasVacoas Popular Multipurpose Cooperative SocietyVacoas-PhoenixVanilla Islandsvarma caseVATVeekram BhunjunvegetablesVerizonvideoVideo of the Dayvirtual realityvisaVishnu Lutchmeenaraidoovisitvivo energyvolcanowasteWaterWaterparkWeatherwest africawhatsappWhitedot Casewi-fiwikileakswindowsWMAwomenworkworkersWorkshopWorldWorld Bankwriting tipsWTOXavier-Luc DuvalyahooYasin DenmamodeyemenYEPYerrigadoogateyoutubeZambiazimbabwe
Mauritius
© 2010-2017 mega.mu