A major software company has been forced to admit to a bug in its own Malware Protection Engine.
However, researcher Tavis Ormandy was able to inform Microsoft of the issue, which enabled the software giant to patch the flaw before it could be exploited.
The firm stated on the 17th of June that the CVE-2014-2779 bug was now fixed. The flaw could have exposed systems to a denial-of-service attack if the Microsoft Malware Protection Engine scanned a specially crafted file.
An attacker would then have been able to exploit the bug to stop the engine from protecting the user’s system until the file was removed and the service restarted.
The researcher who identified the flaw is Google information security engineer Tavis Ormandy, based out of California but originally from the UK.
Microsoft explained:
“There are many ways that an attacker could place a specially crafted file in a location that is scanned by the Malware Protection Engine. For example, an attacker could use a website to deliver a specially crafted file to the victim’s system that is scanned when the website is viewed by the user.”
Not every business has the resources to recruit such talent as Ormandy, but this example goes to show how important it is to identify flaws and respond to them as quickly as possible. Many risk and network threat forum users keep businesses and individuals abreast of any trending threats, but hiring someone who knows how to ensure that a firm’s systems are safe is vital in today’s cyber-sensitive environment.