Technology

Microsoft Windows 10 source code leaked

Share
SUSE Linux Enterprise Server 12 Screenshot

Exploiting this flaw is ridiculously simple as it requires an attacker to send a malformed file to the victim via various methods: email, chat message, file download, or trick the victim into accessing a malicious website hosting a weaponized JS file. The malicious file would be scanned by the Microsoft Malware Protection Engine, automatically if real-time protection is turned on, and boom. For that, we should be thankful since the remote code execution vulnerability was so easy to exploit that it would have resulted in epic pwnage. "I suspect this has never been fuzzed before", Ormandy said. Since ATP's introduction, Microsoft has broadened the range of behavior that it can inspect-for example, the Creators Update earlier this year added detection of certain suspicious kinds of memory manipulation-and this will continue with the addition of monitoring of script-based attacks and detection of keylogging. It was the third critical Windows Defender vulnerability Project Zero researchers have uncovered in the past seven weeks.

The emulator is used to execute untrusted files that could be portable executable files. With the artificial intelligence update, Microsoft said that won't happen again. According to the advisory, the account has "extensive privileges on the local computer and acts as the computer on the network".

"Microsoft says it's "hardening the Windows platform" with additional capabilities, including Windows Defender Exploit Guard, a new feature making EMET [Enhanced Mitigation Experience Toolkit] native to Windows 10".

As a testament to the ease of triggering the bug, Ormandy took special precautions in publishing some of the proof-of-concept exploits, which were linked to a file named testcase.txt.

"Note that, as soon as the testcase.txt file touches disk, it will immediately crash the MsMpEng service on Windows, which may destabilize your system", the expert wrote. "The testcases have been encrypted to prevent crashing your exchange server".

This led Microsoft to release updates in mid-June to fix vulnerabilities identified by the National Security Agency, allowing older systems to protect against "potential nation-state activity". It took the company quite a while to get this to market, but the next version of Windows 10 will now ship with support for this feature.

Ormandy included the warning in his technical writeup.

The steady accumulation of critical AV vulnerabilities unearthed by Ormandy has involved products from a variety of companies, including Kaspersky Lab, Trend Micro, Symantec, McAfee, Eset, and Comodo.

All these bugs are unsafe because they allow attackers to crash or bypass security services and take over user's systems.

Share