Flaw in MS anti-malware engine poses command override risk

Microsoft has updated its malware protection technology following the discovery of a bug which might, given a plausible but unlikely set of circumstances, allow a hacker to gain root access to vulnerable systems. Would-be hackers would already need to have access to targeted systems in order to exploit the privilege escalation …

COMMENTS

This topic is closed for new posts.
  1. doperative
    Linux

    Flaw in Malware Protection Engine

    Microsoft has updated its malware protection technology following the discovery of a bug in the Malware Protection Engine which gives root access to a hacker by scanning a malformed registry key.

  2. hplasm
    Coat

    Enterprise Security is always a risky business.

    A redshirt dies every episode...

  3. Arctic fox
    Headmaster

    Not to nitpick and all that but should the headline not have been....

    ..........."Flaw in MS anti-malware engine *posed* command override risk"?

    In other words using the past tense rather than the present tense? Otherwise the MicroDollarSoft brigade might be misled into believing that they had yet another opportunity to log on and begin to howl about the Great Satan from Redmond. We would not wish to expose them to disappointment, now would we?

    1. Steven Knox
      Happy

      Nitpicking

      No. Since at the time the article was written the patch had not been applied to all systems, the risk still existed. Therefore the correct tense to use was the present.

      As long as it cannot be verified that the patch has been applied to all systems, the risk will still exist, so "poses" will be the correct term for the foreseeable future.
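Steven Knox's point above, that the risk only goes away once every system is verified as patched, is something an administrator can actually check rather than assume. The following is an added example, not code from this thread or from Microsoft: it reads a constructed host/engine-version inventory (such as an endpoint agent or login script might export) and sorts hosts into fixed, exposed and unknown. The minimum fixed engine version is an assumed parameter; take the real "first fixed" version from Microsoft's advisory for this flaw. Note that dotted version strings must be compared numerically, not as strings, or a newer engine can be reported as older.

```python
"""Check an antimalware engine inventory against a minimum fixed version.

Added example, not from the thread or from Microsoft. The inventory lines
below are constructed, and MIN_FIXED_ENGINE is an assumed value: take the
real "first fixed" engine version from Microsoft's advisory for the flaw.
"""
import re
from typing import Dict, List, Tuple

# Assumed minimum fixed engine version (verify against the advisory);
# any engine below this is treated as still exposed.
MIN_FIXED_ENGINE = "1.1.6603.0"

# Constructed sample inventory: "hostname<TAB>engine-version".
SAMPLE_INVENTORY = """\
fs01\t1.1.6603.0
ws-alice\t1.1.6502.0
ws-bob\t1.1.6402.0
ws-carol\t1.1.10100.0
kiosk7\tunknown
"""

_VERSION_RE = re.compile(r"^\d+(\.\d+){3}$")


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '1.1.6603.0' into (1, 1, 6603, 0) so comparison is numeric.

    Comparing the raw strings is wrong: '1.1.6603.0' > '1.1.10100.0'
    lexicographically, yet build 10100 is the newer engine.
    """
    if not _VERSION_RE.match(text):
        raise ValueError(f"not a dotted four-part version: {text!r}")
    return tuple(int(part) for part in text.split("."))


def is_fixed(engine_version: str, min_fixed: str = MIN_FIXED_ENGINE) -> bool:
    """True if the engine is at or above the assumed first-fixed version."""
    return parse_version(engine_version) >= parse_version(min_fixed)


def audit(inventory: str, min_fixed: str = MIN_FIXED_ENGINE) -> Dict[str, List[str]]:
    """Sort hosts into 'fixed', 'exposed' and 'unknown' buckets.

    A host whose version cannot be parsed goes to 'unknown', never to
    'fixed': nothing is treated as patched without evidence.
    """
    buckets: Dict[str, List[str]] = {"fixed": [], "exposed": [], "unknown": []}
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, _, version = line.partition("\t")
        try:
            ok = is_fixed(version.strip(), min_fixed)
        except ValueError:
            buckets["unknown"].append(host)
            continue
        buckets["fixed" if ok else "exposed"].append(host)
    return buckets


if __name__ == "__main__":
    for bucket, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Run against the constructed inventory, "exposed" and "unknown" together are the list of machines for which "poses" is still the right tense.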

      1. Arctic fox
        Happy

        Remembrance of things past - or in this case the present.

        Fair enough - within the terms as you have defined them!

  4. BristolBachelor Gold badge
    Flame

    Trusted Computing

    Ah something else from the trusted computing initiative (also including the magic registry key "INFECT_ME_PLEASE") - go flame me, I don't care.

    "Would-be hackers would already need to have access to targeted systems in order to exploit the privilege escalation bug"

    But if hackers _couldn't_ get access to targeted systems, then we wouldn't have any of this malware protection stuff, so we should assume that hackers _can_ get access to systems.

    Anyway, the whole reason that privilege escalation is a problem is because we don't explicitly trust everyone / everything to always be good, and that is why there are access restrictions. Users are usually not allowed root privileges for this reason, but normally do have access to the system.

    1. Arctic fox
      Happy

      Re Trusted computing and the fate we make ourselves.

      Speaking for myself I have no desire to flame you! With regard to the issue of access and who gets it, one has to acknowledge that this is the heart of the problem. Let us assume (hypothetically speaking) that MS had produced an OS that was as close to perfect as ordinary mortals could possibly achieve. To what extent would this really make a difference? I do not pretend to have the answer to that, but my guts tell me that it would make considerably less difference than one might hope, and indeed this comes back to what you were discussing. The fact of the matter is that we are all painfully aware that the biggest threat to one's system is either oneself or the plank in the office next door. One is forced to conclude that, although we have to keep trying, the bullet-proof OS/company system is in the absolute sense unachievable. Unless of course we try and remove the human element completely, what we can call the "Skynet approach" - and we all know what that led to!

      1. amanfromMars 1 Silver badge

        If only it were so, and so simple.

        "The fact of the matter is that we are all painfully aware that the biggest threat to one's system is either oneself or the plank in the office next door." ....... Arctic fox Posted Friday 25th February 2011 15:01 GMT

        That is very convenient, head-in-the-sand, wishful thinking, Arctic fox, much appreciated by much bigger threats than was ever imagined possible.

        1. Arctic fox
          Grenade

          @amanfromMars 1: Really? Fine. Then do us all a favour and......

          .....explain in your posting what the hell you mean. Why is my posting "That is very convenient, head-in-the-sand, wishful thinking"? You have in fact said nothing at all other than that you disagree with me. Kindly, without howling, explain why. Your "reply" to my post said precisely nothing other than that you did not like what I posted, what kind of "contribution" to debate is that?

          1. Pigeon
            Pint

            Foxy foxed!

            Man from mars got you there. This was a very short one, calculated to confuse.

            I bet he uses a different name when he really wants to be serious.

            1. Arctic fox
              Happy

              @Pigeon Re Foxy foxed!

              "Man from mars got you there. This was a very short one, calculated to confuse.

              I bet he uses a different name when he really wants to be serious."

              My only problem old chap is that I fear very much that he thought that he was being serious!

            2. Anonymous Coward
              Anonymous Coward

              AMfM

              The most confusing thing is when he switches to a good approximation of English half way through a post. It makes you think it means something but you're still not sure what, kind of like Hotel California.

            3. amanfromMars 1 Silver badge

              Are serious folk crazy, and/or just too full of their own self-importance to be a future boon?

              "I bet he uses a different name when he really wants to be serious." ...... Pigeon Posted Saturday 26th February 2011 00:00 GMT

              You'd lose that bet, Pigeon.

          2. amanfromMars 1 Silver badge

            It's a Funny Old, Brave New World

            "You have in fact said nothing at all other than that you disagree with me. Kindly, without howling, explain why. Your "reply" to my post said precisely nothing other than that you did not like what I posted, what kind of "contribution" to debate is that?" ....... Arctic fox Posted Friday 25th February 2011 17:55 GMT

            You are [sadly/badly/madly] mistaken on a number of points, Arctic fox. And/But as you have sensibly asked for clarification, are we pleased to comply.

            "The fact of the matter is that we are all painfully aware that the biggest threat to one's system is either oneself or the plank in the office next door." .... is that which we discuss.

            We liked what you said. And wholeheartedly agree, BUT to imagine just the two attack vectors whenever there is a whole underground army of quite brilliant programmers out there, hacking into Binary Delivery Systems Mechanisms, and leaving behind infectious and subversive and sublimely addictive content for browser display and global propagation, has every system which connects in any way with CyberSpace, under virtual threat from just those two divine phorms of remote control. And there are bound to be many more from others, for one only knows what one knows, and others develop other vectors which are surely known only to them.

            And if one considers the above practice malicious, then one has to also consider the White Knight Programmers who are out there, using the same vulnerabilities/facilities to inject their own sublime steganographic codedD messaging to engage with such underground armies.

            The contention is that all of the above is a much bigger threat to every system and therefore "the biggest threat to one's system is either oneself or the plank in the office next door." is invalid, and a dangerous assumption to make/hold, for it is bound to make one complacent.

            Be careful out there, in CyberSpace, IT is AIJungle and Full of All Sorts of Nutters and Savants peddling their Independent Wares/Ab Fab Memes. :-) ......... and Virtual Machine Control is a Power Elite Program which Drivers their Realities, Virtually Everywhere, so be aware of what has been done, and what Man has evolved into at the Higher Levels of Universal Control.

            I hope, well, actually trust in Global Operating Devices, that makes things a lot clearer.

        2. Ken Hagan Gold badge

          Er, but it *is* that simple

          I think there is ample evidence that you can make a Windows box almost impregnable if you try. For one thing, there's that black hat contest each autumn (?) where prizes are offered to anyone who can crack various boxes. In recent years, the "bare OS" prize has gone unclaimed, since you need some Adobe-ware on the system before it is actually vulnerable. Even then, cracking a system from the network is hard.

          The horrendous infection rate within the Windows population is largely down to the fact that most end-users run as admin and willingly run EXEs that they find whilst surfing. Even *I* could crack a Windows box owned by such a user.

          1. Arctic fox
            Thumb Up

            @Ken Hagan: re "Er, but it *is* that simple"

            "The horrendous infection rate within the Windows population is largely down to the fact that most end-users run as admin and willingly run EXEs that they find whilst surfing. Even *I* could crack a Windows box owned by such a user."

            Thank you Ken Hagan, that indeed was, essentially, my point - although you managed to sum it up much better than I did. My point, when I referred to the (obviously ideal/imaginary) situation where Windows itself did not make the situation worse, was of course to underline exactly what you point out in your posting. The biggest threat to security is the end-user. Short of attaching electrodes to the gonads of every employee and sending X-Zillion amperes through their reproductive equipment every time they breach security protocols, I do not begin to have any idea how we tackle this problem.

      2. Tom 7

        It's not the fate we make ourselves

        We have been sold the lie that computing is easy by MS for years, and it patently isn't, but we still spend a huge amount on it and try and use it in the way we have been told we can. And the customer seems to be the only one not to benefit. Unless you think the next very expensive OS 'upgrade' will actually achieve anything.

        It is possible to make secure systems work - so long as you can tell the MS brainwashed management that security comes first, a long way ahead of 'I want to plug it in/open it and see what it does'. MS opened all the doors and windows and air vents and roof lights and is still surprised when anyone gains entry.

  5. david 12 Silver badge

    Microsoft Malicious Software Removal Tool

    People don't 'use' the Microsoft Malicious Software Removal Tool, they get it automatically as part of their update. So that would be very scary--except that since you only run it as part of an automatic update, it is already fixed.

  6. Anonymous Coward
    Joke

    CCCan't sssee wwwhat ttthe fffuss iiis

    III've bbbeen uuusing WWWindows fffor yyyears aaand nnnever cccaught aaa bbbug

  7. Anonymous Coward
    Anonymous Coward

    There's only one way MS can right the situation.

    There's only one way MS can right the current situation.

    Quit with the "scheduled updates" nonsense.

    When an exploit is known, they need to release ASAP. Forget patch Tuesday.

    Until then, it's always going to be a box full of holes.

    1. david 12 Silver badge

      Patch Tuesday

      None of this waited for Patch Tuesday: since it is all part of the AV system, the patch came out with the automatic AV update - which happens all the time.
