Stories
Slash Boxes
Comments

SoylentNews is people

Microsoft Modifies Open-Source Code, Blows Hole in Windows Defender

posted by chromas on Monday April 09 2018, @06:12PM   Printer-friendly
from the (unsigned⠀int) dept.

mrpg writes:

https://www.theregister.co.uk/2018/04/04/microsoft_windows_defender_rar_bug/

A remote-code execution vulnerability in Windows Defender – a flaw that can be exploited by malicious .rar files to run malware on PCs – has been traced back to an open-source archiving tool Microsoft adopted for its own use.

[...] Apparently, Microsoft forked that version of unrar and incorporated the component into its operating system's antivirus engine. That forked code was then modified so that all signed integer variables were converted to unsigned variables, causing knock-on problems with mathematical comparisons. This in turn left the software vulnerable to memory corruption errors, which can crash the antivirus package or allow malicious code to potentially execute.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Microsoft Modifies Open-Source Code, Blows Hole in Windows Defender | Log In/Create an Account | Top | 85 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by turgid on Monday April 09 2018, @06:28PM (5 children)

    by turgid (4318) Subscriber Badge on Monday April 09 2018, @06:28PM (#664586) Journal

    Seriously?

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 5, Insightful) by maxwell demon on Monday April 09 2018, @06:32PM (4 children)

    by maxwell demon (1608) on Monday April 09 2018, @06:32PM (#664589) Journal

    I bet the change was done purely in order to conform to some internal Microsoft coding standard. And probably that “simple” task was given to an inexperienced programmer …

    --
    The Tao of math: The numbers you can count are not the real numbers.

    • (Score: 3, Touché) by Runaway1956 on Monday April 09 2018, @07:39PM

      by Runaway1956 (2926) Subscriber Badge on Monday April 09 2018, @07:39PM (#664624) Journal

      "And probably that “simple” task was given to an inexperienced janitor …"

      FTFY :^)

    • (Score: 4, Insightful) by turgid on Monday April 09 2018, @07:55PM (2 children)

      by turgid (4318) Subscriber Badge on Monday April 09 2018, @07:55PM (#664634) Journal

      I'm surprised that didn't involve rewriting it as an Excel macro...

      • (Score: 2) by Freeman on Monday April 09 2018, @08:41PM

        by Freeman (732) on Monday April 09 2018, @08:41PM (#664662) Journal

        That we've been told about anyway.

        --
        Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"

      • (Score: 1) by DECbot on Monday April 09 2018, @11:58PM

        by DECbot (832) on Monday April 09 2018, @11:58PM (#664745) Journal

        My guess this was the abstraction layer that ported rar file format to something VB could use, and thus making it available to Office macros.
         
        Makes sense to me. Put a bunch of filenames in a worksheet in Excel, press a button and out spits a rar file containing all the files listed in the worksheet. Who needs properly working pipes and bash one-liners, we've got ctrl+c, ctrl+v, and macros!

        --
        cats~$ sudo chown -R us /home/base