Microsoft has released an emergency security patch for the Windows zero-day vulnerability nicknamed “crazy bad.” The bug has been called one of the worst RCE (remote code execution) flaws on Windows in recent history.
Attackers can use the vulnerability to compromise any OS that runs the affected Microsoft security products, including Security Essentials and Windows Defender, among others. The update Microsoft released to fix the vulnerability is bundled with its other security products.
Worst in Recent History
Microsoft produced a patch for the vulnerability in a very short amount of time to counter the serious zero-day flaw discovered recently.
Microsoft published a security advisory for the RCE flaw, tracked as CVE-2017-0290, which affects the Windows OS.
The security risk was disclosed by Google’s Project Zero through its security researchers Tavis Ormandy and Natalie Silvanovich.
Revealing the Bug
Ormandy, a well-known vulnerability researcher, had also disclosed the zero-day flaw in MsMpEng, Microsoft’s Malware Protection Engine, which is used by Windows Defender.
He described the discovery as a “crazy bad” bug and one of the worst types of RCE flaws in recent history.
At the time, Ormandy offered no further detail, reporting the memory-corruption issue privately in order to give Microsoft enough time to fix it.
The scanner engine in Microsoft products has a built-in deployment system that delivers the security patch to vendors to fix the vulnerability.
With the fix available, more details regarding the vulnerability have now been disclosed.
About the Vulnerability
The vulnerability enables an attacker to execute code remotely when MMPE, the Malware Protection Engine, scans a specially crafted file.
If the attacker successfully exploits the flaw, they gain the privileges of the LocalSystem account on the victim’s machine and can hijack the entire system.
With that level of access, the attacker controls the system: they can install or delete programs, read all information on the system, create new accounts with full user rights, download additional malware onto the system, and carry out many other unwanted activities.
How it Works
According to the Project Zero security team, attackers could trigger the vulnerability simply by sending emails to victims.
The victim does not even need to open the email or download the attachment in the message.
The vulnerability could also be triggered through visits to malicious websites or through instant messages.
Exploiting the Vulnerability
Ormandy states that the vulnerability works against a default system configuration and is also wormable, which means malware exploiting it is capable of replicating itself and spreading beyond the targeted victim’s system.
The Project Zero team states that such a vulnerability in MsMpEng can cause severe damage to the Windows ecosystem, on account of the ubiquity of the Windows service.
If real-time protection is turned on in the victim’s system, the Malware Protection Engine scans files as they arrive, and the vulnerability is exploited the moment the specially crafted file is scanned.
If real-time scanning is not turned on, however, attackers have to wait for a scheduled scan in order to exploit this vulnerability.
In a Twitter post, Ormandy praised Microsoft for releasing a quick emergency security patch.
He states that he was blown away by how quickly Microsoft responded to protect its users and that he couldn’t offer enough kudos for it.
Microsoft states that it has not received any reports of the vulnerability being exploited.
System administrators do not need to take any action, as Microsoft’s automatic update mechanism will deliver the fix to systems that are susceptible to the vulnerability. Users who want the fix sooner can also apply the update manually.
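For administrators who would rather confirm the fix than wait for it, the following added PowerShell check (not part of the article or of Microsoft’s advisory) reads the installed Malware Protection Engine version with the built-in Defender cmdlets and, if it is below the required build, forces an engine and definition update. The minimum version is a placeholder: take the actual fixed engine version from Microsoft’s advisory for CVE-2017-0290.

```powershell
# Added example (not from the article): verify that the Malware Protection
# Engine (MsMpEng) on this host is at or above the fixed build.
# $MinimumFixedEngine is a PLACEHOLDER; replace it with the fixed engine
# version stated in Microsoft's advisory for CVE-2017-0290.
$MinimumFixedEngine = [version]'0.0.0.0'

function Test-MpEngineUpdated {
    param([Parameter(Mandatory)][version]$MinimumVersion)

    # Get-MpComputerStatus is the built-in Defender cmdlet; AMEngineVersion is
    # the engine build that CVE-2017-0290 affects (not the signature version).
    $status = Get-MpComputerStatus
    $engine = [version]$status.AMEngineVersion

    [pscustomobject]@{
        EngineVersion      = $engine
        MinimumRequired    = $MinimumVersion
        Updated            = ($engine -ge $MinimumVersion)
        # Real-time protection on means a crafted file is scanned on arrival,
        # so an unpatched engine is exposed immediately rather than at the next scheduled scan.
        RealTimeProtection = $status.RealTimeProtectionEnabled
        LastUpdated        = $status.AntivirusSignatureLastUpdated
    }
}

$result = Test-MpEngineUpdated -MinimumVersion $MinimumFixedEngine
$result | Format-List

if (-not $result.Updated) {
    # Pull the current engine and definitions now instead of waiting for the
    # automatic update cycle, then re-check.
    Update-MpSignature
    Test-MpEngineUpdated -MinimumVersion $MinimumFixedEngine | Format-List
}
```

Run it in an elevated PowerShell session on each managed host; the Updated field tells you whether that host still carries the vulnerable engine.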