Showing posts with label Microsoft patches. Show all posts
Showing posts with label Microsoft patches. Show all posts

Friday 12 May 2017

Microsoft Makes Emergency Security Fix

Security Fix
In order to stop hackers from taking control of computers with the help of one single email, Microsoft issued an urgent update. There was a possibility of hacking the recipient’s system even without the recipient opening it which was caused due to an unusual bug in Microsoft’s anti-malware software such as Window Defender. After this vulnerability in the Microsoft Malware Protection Engine was discovered by two Google security experts at the weekend, Microsoft immediately released an emergency out-of-band update as a security fix.

The security experts were researchers currently on Google’s Project Zero cyber-security outfit. The Security fix was released immediately when discovered and even before Microsoft’s monthly security update which happens on the second Tuesday of every month. Hackers could take advantage of this defect by simply emailing infected content, sending an instant message or just by getting the recipient to click on a web link.

Effect on Protection Systems

This security fix was vital as this susceptibility could be triggered if the anti-virus software on the system such as Windows Defender simply scanned the harmful content. Some scans are timed and set in such a way on some systems that they immediately scan for protection or take place at a later time.

The Microsoft Malware Protection Engine (MsMpEng) is a core service that comes in default with Windows 7, Windows 8.1, Windows 10 and Windows Server 2016.Many Microsoft security tools run on this core such as Windows Defender, Microsoft Security Essentials, Microsoft Endpoint Protection, etc.TheMsMpEng has a component called NScript that handles everything that looks like JavaScript. This bug causes NScript to create a confusion in the way it handles or interpret some JavaScript object types which in turn makes the system open to hackers.

How Hackers could take advantage of this bug?

This defect for allows remote code execution which is what computer hackers look for. Through remote code execution, hackers can install any code on our systems without our knowledge and permission which is basically hijacking our computer. This bug could be exploitable with almost no user interaction. Since the defence systems by Microsoft are default, this exposure makes innumerable PCs more prone to remote hacking.

Prompt Security Fix

Google Project Zero researchers Tavis Ormandy and Natalie Silvanovich were the experts who found this bug and Mr. Ormandy was taken aback with the prompt response Microsoft gave in order to fix it.Within a short time, Microsoft took quick action to issue a security fix unlike the past where months were taken to resolve a bug.

In order to fix this defect in MsMpEng service, within just a few days’ time, a new patch was prepared and was already shipped. The first version of the Microsoft Malware Protection Engine was v1.1.13701.0 which was affected because of this defect.

 As a security fix, Microsoft released v1.1.13704.0 within a few hours, in which the issue was patched and had already reached some of the users. Microsoft also stated that this risk of vunerability would have been much lower if users turned on a security attribute called Windows CFG (Control Flow Guard) that made memory-based defects and flaws much harder to exploit. US-CERT also issued an alert to spread awareness.

Thursday 3 November 2016

Microsoft Attacks Google's Windows Hack Alert


Google leaves Microsoft red faced by revealing a potent security flaw found right in its popular Windows operating system. Google has published a report which gives insight and remarkable details into the security flaw which has yet to be fixed by the Microsoft. It should be noted that Google has already given a deadline of seven days to Microsoft for fixing up the flaw but Microsoft simply failed to play by the rules. Google has stated that it was necessary to reveal the flaw to public as it was being actively abused. Microsoft reiterated by stating that alert which only ends up in causing more harm because it will still need more time come with a suitable security patch.

The flaw revealed by Google

Google has revealed a major flaw in the file named Win32k.sys which is utilized by the Microsoft’s Windows operating system to display graphics. Any kind of alteration or moderation to this file can create havoc for the users which leaves the display system is jeopardy. Deleting or altering this file results in system errors with the notorious blue screen of death. This has been known by all the major security experts and operating system users as well as technicians but the flaw revealed by Google brings showcase a vulnerability which can utilized by the hackers for their own personal gains.

Google has quite frankly laid down the roadmap for any hacker to exploit this vulnerability through using a ‘security sandbox escape. This simply means that if a hackers gets acess of any Windows operating system the he will get the ability to alter other computer function sin order to cause more problems for the end users.

Why Google chose to reveal the vulnerability? 

Google has a policy which has been active since 2013 and it states that Google will offer 60 days to the developers to fix up the flaw identified by it, only in the case if no one making active use of the flaw. But if it’s found that the vulnerability is being utilized by hackers or other then Google will offer just 7 days before making the flaw public.

Similarly Google has given seven days to the Microsoft to come up with a fix for this vulnerability but they failed to do so. Microsoft has stated in its defense that it isn’t feasible to come with right solution and fixing parameter with an imposing aggressive timeline. It has also been stated by Google that users can safeguard themselves from this flaw through limiting the exposure by the using the Chrome which is not effectively exposed to the vulnerability.

Tech community is divided in this debacle

Cyber security experts are left scratching their whether the decision taken by Google is right or wrong given the fact that revealing the flaw will still require a security patch from Microsoft and Microsoft requires time to develop it. A security expert has stated that bringing flaw public without knowing who are the attackers and targets can aggravate the situation further.

Monday 17 November 2014

Microsoft fixes '19-year-old' bug with emergency patch

The 19-year-old software bug that was discovered by IBM has not been fixed by Microsoft. IBM came to know about this flaw long back (May) but wanted to get the issue fixed as it was affecting office and windows products before making any statement to the general public.

According to IBM, this software bug was present in every single version of Windows since 1995. Windows users are being requested to download the update for the respective windows version, as hackers and attackers will be easily able to exploit their personal computer, which is already affected with the bug. Microsoft has already addressed this issue in their monthly security update and has added more patches to fix the other security issues of the users. They are currently working on few more updates and patches, which will be rolled out soon.

Robert Freeman, IBM researcher has explained the susceptibility in depth in his blog post. He has written that this bug can be easily used by any attacker for creating drive-by attacks and easily run codes remotely on anyone’s computer and they can practically take over the entire machine or system. A drive-by attack in a computer security means that the system attacker will be able to make the user of the system download vulnerable and malicious software.

According to the reports given by IBM, this bug was practically hiding in the plain sight. On the CVSS (the Common Vulnerability Scoring System), the vulnerability - dubbed WinShock has been rated 9.3 out of a possible 10. This means a severity in terms of computer security.

Potential disaster: 

Another bug that has been identified affects the Windows Server platforms of Microsoft. This potentially puts the security of websites at risk, which mainly handle the encrypted data. This bug has been specifically linked with Schannel, which is the company’s software for applying the secure transfer of data. Schannel is also known as Microsoft’s secure channel. Some of the major problems discovered in secure standards include GNUTLS, Apple SecureTransport, NSS, OpenSSL, and Schannel now.

This security flaws has also been compared with Heartbleed bug by the security experts. However, they have also added that the impact of the bug might be on the similar scale as that of Heartbleed bug but the level of exploitation will be difficult for the attackers. When it came to Heartbleed bug, the technological vulnerability was associated with the exploitation of the secure data transfer also known as Secure Sockets Layer (SSL).

Now, the bug has been identified by IBM and a patch has already been released by Microsoft to tackle the issue, there is been no evidence of any complaints being received about potential attacks. However, security experts believe that there are chances of security attacks in the system, which are out of date.

According to the Market researchers, if the bug had been sold out to hackers and attackers, the worth of the same would have easily been in six figures. According to Gavin from Tenable Network Security, just because there is no evidence of any attacks, we should not leave out the security concerns.

Thursday 13 February 2014

Microsoft Patch Comes With Seven Security Updates

The February Patch released on Tuesday gave Windows users seven security updates to check more vulnerabilities in Microsoft software. Microsoft plugs security holes in various Windows operating systems.

Microsoft Patch
From the original five announced update packages Microsoft has made it to seven. The two additional software patches to repair leaks in Internet Explorer and in the scripting language “VBScript “. Both of those leaks are classified as critical one by Microsoft. They all relate to versions of Windows (including server variants), the security software Forefront Protection 2014 for Exchange and the runtime NET Framework.

By the way the 8th April is nearing and the support for Windows XP is running out. The patch MS14 -010 resolves a publicly and 23 privately reported vulnerabilities in Windows. The most severe vulnerability allows remote code execution (attack from afar), if a user views a specially crafted Web page using Internet Explorer the successful attacker will gains entry under with the same user rights as the current user.

For users whose accounts are configured to have fewer privileges, have the less impacted than users who operate with administrative privileges. The Microsoft patch day is normally on the second Tuesday of each month instead - the next Patch Tuesday will be on 11 Of March 2014.

The security updates install automatically with the appropriate active Internet connection. With this month’s Patch Microsoft brings out a fresh version of its "tools for removing malicious software".

Wednesday 13 November 2013

Microsoft's November Patch Brings 8 security updates

Microsoft's Patch
The November Patch Tuesday brings Windows users probably eight security updates. They include critical vulnerabilities in Microsoft software. November Patch of Microsoft plugs critical security flaws in Windows operating systems. Microsoft announced eight security updates that primarily take care of gaps in the current Windows operating systems, various Office programs and Internet Explorer.

 Three updates from Microsoft the status of "critical". This means that you should absolutely install and then that usually a system reboot is required. For the recently discovered “zero- day vulnerability," spread through the hacker with manipulated video and office files malware, there is still only a "fix -it" - in the context of the November patch, Microsoft excludes the vulnerability apparently not.

 Microsoft's Tuesday Patch is usually on the second Tuesday of each month instead - the next Patch Tuesday is thus 10 December 2013. The security updates install automatically with the appropriate pre with active Internet connection. With this month’s Patch Tuesday Microsoft brings a fresh version of his “tools for removing malicious software “out.

Wednesday 14 August 2013

Microsoft announces eight security updates in August Patch

The August Patch Tuesday 13 August 2013 brings Windows users probably eight security updates. They include critical vulnerabilities in Microsoft software. Microsoft plans to the August Patch Tuesday and released eight security updates. Three of the announced updates are for ironing critical weaknesses in current Windows operating systems, from the Internet Explorer and special server software from Microsoft. The information from the Microsoft website for any updates there in August for the Office suite. Certain, however, is an update of the "Malicious Software Removal Tool" (32 bit, 64 bit). Microsoft's Patch Tuesday is usually on the second Tuesday of each month instead - the next Patch Tuesday is thus 10 September 2013. The security updates install automatically with the appropriate setup with active Internet connection.

Friday 26 July 2013

Windows 8.1 new patches available!

While Windows 8.1 will be officially released during the month of August, but in the mean time Microsoft continues to fix some bugs in the Public Preview. Thus, there are three patches that are currently deployed via Windows Update. They bring greater stability to SkyDrive and bug fixes for Internet Explorer 11 or the tethering function. The final version of Windows 8.1 is not expected until next month from Microsoft and certainly not before the fall in PC manufacturers meet. A Public Preview is available since the end of June and can give a good overview of the changes made by the Redmond over Windows 8, released last year. Still, the software giant is making adjustments in the Public Preview. A first one was made very recently, while three other patches are pushed for several hours. The first is to make it more stable SkyDrive storage service house online. The second patch seeks to solve a bug in Internet Explorer 11 when timer and VBScript code is used within a web page, according to specific scenarios. The third patch is meanwhile to improve the functioning of tethering, which made its debut with Windows 8.1, and that did not work as expected. As a reminder, it allows you to share an Internet connection if a 3G / 4G modem is present in the device.