Friday, 12 May 2017

Microsoft Makes Emergency Security Fix

Security Fix
In order to stop hackers from taking control of computers with the help of one single email, Microsoft issued an urgent update. There was a possibility of hacking the recipient’s system even without the recipient opening it which was caused due to an unusual bug in Microsoft’s anti-malware software such as Window Defender. After this vulnerability in the Microsoft Malware Protection Engine was discovered by two Google security experts at the weekend, Microsoft immediately released an emergency out-of-band update as a security fix.

The security experts were researchers currently on Google’s Project Zero cyber-security outfit. The Security fix was released immediately when discovered and even before Microsoft’s monthly security update which happens on the second Tuesday of every month. Hackers could take advantage of this defect by simply emailing infected content, sending an instant message or just by getting the recipient to click on a web link.

Effect on Protection Systems

This security fix was vital as this susceptibility could be triggered if the anti-virus software on the system such as Windows Defender simply scanned the harmful content. Some scans are timed and set in such a way on some systems that they immediately scan for protection or take place at a later time.

The Microsoft Malware Protection Engine (MsMpEng) is a core service that comes in default with Windows 7, Windows 8.1, Windows 10 and Windows Server 2016.Many Microsoft security tools run on this core such as Windows Defender, Microsoft Security Essentials, Microsoft Endpoint Protection, etc.TheMsMpEng has a component called NScript that handles everything that looks like JavaScript. This bug causes NScript to create a confusion in the way it handles or interpret some JavaScript object types which in turn makes the system open to hackers.

How Hackers could take advantage of this bug?

This defect for allows remote code execution which is what computer hackers look for. Through remote code execution, hackers can install any code on our systems without our knowledge and permission which is basically hijacking our computer. This bug could be exploitable with almost no user interaction. Since the defence systems by Microsoft are default, this exposure makes innumerable PCs more prone to remote hacking.

Prompt Security Fix

Google Project Zero researchers Tavis Ormandy and Natalie Silvanovich were the experts who found this bug and Mr. Ormandy was taken aback with the prompt response Microsoft gave in order to fix it.Within a short time, Microsoft took quick action to issue a security fix unlike the past where months were taken to resolve a bug.

In order to fix this defect in MsMpEng service, within just a few days’ time, a new patch was prepared and was already shipped. The first version of the Microsoft Malware Protection Engine was v1.1.13701.0 which was affected because of this defect.

 As a security fix, Microsoft released v1.1.13704.0 within a few hours, in which the issue was patched and had already reached some of the users. Microsoft also stated that this risk of vunerability would have been much lower if users turned on a security attribute called Windows CFG (Control Flow Guard) that made memory-based defects and flaws much harder to exploit. US-CERT also issued an alert to spread awareness.

No comments:

Post a comment

Note: only a member of this blog may post a comment.