
Microsoft immediate release to fix the exploit in recent Windows Zero-Day bug. The exploit affects Windows 8, 8.1, 10 and Windows Server systems.
The recent flaw was discovered by both Natalie Silvanovich and Travis Ormandy who are researchers for Google’s Project Zero. It exists in the Microsoft Malware Protection Engine and it allowed hackers to take complete control of a system remotely by the user sending an email. Usually exploits need to be open and executed to function, but this one is particularly nasty and simply receiving the message allowed the exploit to wreak havoc. The exploit could also work by encouraging the user to click on a link or accept an instant message.
The reason this bug required such urgent attention and control is because it takes advantage of the Microsoft Malware Protection Engine or MsMpEng, which has significant privileges and accessibility to the system. Hijacking a system allows a hacker to remotely install or delete software, intercept private documents or photographs, create administrative accounts with full access to the system or install additional malware on the system.
An exploit of this magnitude has the potential to be disastrous to individuals, schools and businesses alike. This bug could by triggered merely by the auto defender running a scan and detecting its presence. This creates a significant security risk for systems that run scheduled scans or have real-time protection enabled, meaning that they would be the most vulnerable to the hack. It’s also worth noting that the feature is enabled by default in Windows, which makes it extra dangerous since many users do not modify their system settings and allow the defaults to control how the operating system runs.
Cyber-security expert Graham Cluley acknowledged that a typical anti-virus program is designed to block these exploits before they’re able to reach the computer and give control to hackers. He told the BBC that this type of bug is exactly what hackers are aiming for because they can gain total control of the user’s computer remotely without explicit authorization.
Ormandy announced that the bug existed through his Twitter account by calling it “crazy bad.” A second tweet identified characteristics of the exploit including that it “works against a default install, don’t need to be on the same LAN, and it’s wormable.” A wormable exploit can replicate itself rapidly and spread to other systems on the network. Some small home networks have only a few devices, but large businesses or universities can have thousands of vulnerable systems exposed to the hack. This is probably a bit more information than the general public needed to know. Ormandy and Silvanovich did not give any additional details out in order to allow Microsoft to develop an appropriate fix.
I think @natashenka and I just discovered the worst Windows remote code exec in recent memory. This is crazy bad. Report on the way. ???
— Tavis Ormandy (@taviso) 6 May 2017
Cluley did mention that he found it risky for Project Zero to release the information about their find on Twitter before a fix was implemented. It could’ve had a more severe impact on the operating system if it wasn’t able to be patched as quickly as it was. This method of releasing information can potentially benefit the hackers. It’s not usually advisable to publish information about exploits because it makes it easier for hackers in the future to exploit the operating system.
Microsoft reacted quickly and released a patch that was sent to all computers running the tool. This update was pushed out a couple hours ahead of schedule. Microsoft typically releases a monthly update with all required patches and updates in one large download to eliminate the hassle of updating weekly or even daily. This exploit obviously warranted immediate attention and action. All individuals using the affected operating systems should immediately install the latest updates to ensure they don’t fall victim to the hack and risk their system’s security. Microsoft mentioned that there had been no reports of the exploit being used at the time, but time is of the essence and being pro-active to patch this bug prevented it from becoming a significant problem worldwide.
Still blown away at how quickly @msftsecurity responded to protect users, can’t give enough kudos. Amazing.
— Tavis Ormandy (@taviso) 9 May 2017
Times certainly have changed since the introduction of Windows and Microsoft’s handle of exploits. The quick patch reflects how times have changed with a greater reliance on technology for everyday activities. With the amount of personal information and tasks being conducted on computers on a regular basis, someone gaining control of another’s computer has detrimental effects on productivity and creates a significant privacy risk. Always install the latest updates when they’re released, especially if they’re marked as urgent because you never know if you’re going to be a target of these hackers.
Send us your CV and have our recruiters match you to the ideal opportunities
Do you already have an account with us?
Log inWant to have an account with us?
RegisterWant to just send us your CV?
By submitting your registration and CV to us you are agreeing to join our database and to be contacted about relevant jobs industry communications. Please read our terms of business for more information.