When a security researcher tweeted about what they thought was “the worst Windows remote code exec” in his memory, a recent incident came to mind: one that allowed a targeted file to implement remote code execution processes in order to manipulate any infected system. This vulnerability let the infected machine spread the issue to others and could be set off if a certain file were to be scanned by the Microsoft Malware Protection Engine. Scary stuff!
Regarding the incident, Microsoft was quick to resolve the issue. Thankfully.
The researchers who uncovered this vulnerability were Tavis Ormandy and Natalie Silvanovich from the Google Project Zero team. Once the pair had discovered the vulnerability, they took to Twitter to announce it to the world, including to Microsoft and the Microsoft Security Response Center.
Upon the notification, the MSRC confirmed that the vulnerability was indeed present, and that there were quite a few pieces of software within the Microsoft Malware Protection Engine that allowed a “specially crafted file” to run code placed on the system. This vulnerability was so widespread that it could be found on just about any recent Windows machine, including those running Windows 7, 8.1, 10, and even Windows RT.
Though this particular problem has been resolved, its urgency serves to remind all business owners that their software solutions need to be up-to-date at all times. While problems are often resolved by programmers, hackers always try to outdo them, creating a vicious, neverending cycle. Unless you want your business to be caught in the crossfire, you should patch your software whenever new updates are released. If you try to function without them, you’ll be leaving your organization wide open to attacks--attacks that can easily be preventable with proactive maintenance.
Does your organization need this type of proactive maintenance and management? If you think that it’s a hassle to keep an eye out for updates, you’re right. You shouldn’t have to worry about this, especially not while keeping your operations afloat. XFER can provide the IT you need by taking care of these updates for you so you can stay focused on running your business. To learn more, reach out to us at 734-927-6666 / 800-438-9337.
XFER has not set their biography yet