Skip to main content

Google finds Windows vulnerability, calls it ‘crazy bad’

New info about Microsoft's vulnerability emerges, fix on way to users

researchers use ambient light sensor data to steal browser exhausted man computer problems desk hacking hackers malware frust
Shutterstock
Judging by the number of exploits that have surfaced over the last several months, one might be tempted to think that the internet and PCs are generally unprotected and wide open for attack. Whether or not that is actually true, a significant number of highly visible and scary-sounding vulnerabilities have been documented lately.

The latest comes from Google’s Project Zero, which locates flaws in systems like Microsoft Windows and promises to publicize them no later than 90 days after notifying the developer. That team has been true to its word, publishing exploits before they’ve actually been patched, and it has discovered one that it claims is the “worst … in recent memory,” as The The Hacker News reports.

Recommended Videos

The news came via Project Zero member Tavis Ormandy’s tweet the other day:

I think @natashenka and I just discovered the worst Windows remote code exec in recent memory. This is crazy bad. Report on the way. 🔥🔥🔥

— Tavis Ormandy (@taviso) May 6, 2017

In a subsequent tweet, Ormandy provided a few more details about the vulnerability:

Attack works against a default install, don't need to be on the same LAN, and it's wormable. 🔥

— Tavis Ormandy (@taviso) May 6, 2017

Project Zero won’t reveal any additional details about the flaw, because of its own 90-day disclosure deadline. Presumably, Project Zero has passed the information along to Microsoft, which immediately kicked off the process of determining how best to fix the exploit. As Ars Technica reports, Microsoft responded quickly and issued a fix that is now being delivered to affected systems.

Now that the fix is on its way to users, Microsoft itself has shared a description of the fix, which is officially titled CVE-2017-0290. Perhaps ironically, the flaw is in the Microsoft Malware Protection Engine, otherwise known as Windows Defender, in all versions of Windows starting with Windows 7. With an unpatched system, any file that’s sent to a system and then scanned by Windows Defender could be used for an attack that would be executed at the LocalSystem level — in other words, with highly elevated privileges — and could take control of the system.

Because the Malware Protection Engine is updated in the background, users don’t need to do anything to patch an affected system. Updates are usually issued each month, but they can also be sent out immediately whenever needed. You can check that your system has been fixed by opening Windows Defender, going to Settings, then About, and checking your Engine Version. If it is 1.1.13701.0 or later, then you are not affected by the vulnerability.

Mark Coppock/Digital Trends
Mark Coppock/Digital Trends

As Ars Technica points out, this vulnerability utilizes one of the weaknesses of anti-malware software in general. Because it has to work at so many levels, and at very high privilege levels, in order to protect a system, it is uniquely vulnerable to many different kinds of attacks. Microsoft implemented a security feature, Control Flow Guard (CFG), in Windows 8.1 and Windows 10 that helps protect against remote execution attacks like this one.

Microsoft has been a Project Zero target in the past, including some instances where a vulnerability was publicized before Microsoft issued a patch. The Google team has therefore been a target of some general angst around its policies, even as it has likely succeeded in prodding developers to move expeditiously in fixing flaws in their code.

Natalie Silvanovich, another Project Zero member, responded to just these sorts of concerns with a tweet of her own:

If a tweet is causing panic or confusion in your organization, the problem isn't the tweet, the problem is your organization

— Natalie Silvanovich (@natashenka) May 6, 2017

This particular vulnerability serves as a reminder to make sure to keep your PCs updated with the latest security patches, and to ensure that your malware software is also up to date. While this vulnerability affects Windows, Apple’s MacOS users are not immune to attack and should take their own precautions as well.

Updated on 5-9-2017 by Mark Coppock: Added information about the vulnerability and that Microsoft has issued a fix.

Mark Coppock
Mark Coppock is a Freelance Writer at Digital Trends covering primarily laptop and other computing technologies. He has…
Microsoft just released its ‘unified gateway to Windows’ for Mac
The Surface Pro 11 on a white table in front of a window.

Microsoft has launched a new Windows App for Mac that unifies the remote access Windows experience. There are even versions for iOS, iPadOS, and web browsers, with an Android version in public preview mode.

Windows App: Your gateway to Windows on any device

Read more
This new Android phone could give the Google Pixel 8a a run for its money
Infinix Zero 40 5G.

Here in the United States, we have access to a lot of different phones -- but we're missing out on many of the best bang-for-your-buck budget devices available in other parts of the world. The launch of the Infinix Zero 40 5G is yet another reminder of low- or midrange phones that never see a Western release, especially since it would be a solid competitor to the Google Pixel 8a.

The Infinix Zero 40 5G has a lot going for it, especially considering it costs around $335 to $370 depending on your configuration (versus the current sale price of $399 for the Pixel 8a.) It even has a feature I've never seen in another phone: a GoPro mode. Just look at how travelers can use it to control their cameras.

Read more
Launching Windows 11 apps could get up to 50% faster thanks to this new tech
Microsoft Store Ads on a Dell XPS Laptop.

Windows Latest has spotted a recent support document post from Microsoft confirming native Ahead of Time (AOT) support has been added to the Windows App SDK. According to Microsoft, this could bring major improvements to the launch times of Windows 11 apps. In its own testing, Microsoft has measured a 50% reduction in start times and around an 8x reduction in package size.

The Windows App SDK exists to help developers use classic desktop app frameworks to make apps with access to modern APIs that can be used across all kinds of Windows devices.

Read more