You have probably already read about the bug, discovered by Google Project Zero researchers, which affects all of Microsoft's security programs, from basic home apps like Defender through to the professional-level Forefront Security for SharePoint. It was certainly a bad one, using the act of scanning a file for malware as the infection vector, strikingly similar to the way some viruses hijack our own immune systems.
The good news is that Microsoft started pushing out a fix for the bug on Monday; as the bug was hinted at publicly on Friday, someone must have put in a long weekend. This quick turnaround is very nice to see and demonstrates the usefulness of publicly announcing the existence of a threat without immediately revealing the details to the public. Bug bounty programs are a good thing, but if they involve NDAs they can lead to delays in resolution, as there is little pressure on the software developers to push out an immediate fix. As The Register states, when you responsibly disclose the existence of a bug, especially a major one such as this, you get a quick turnaround like the one we saw from Microsoft.
Update if you got 'em!
"On the second point, well, we hate to break it to you but all software has bugs – especially Microsoft's code. There are any number of horrible remote code execution flaws in Windows and Office right now, sitting there waiting for white and black hats to find and exploit. Being told, yes, there is definitely a bad bug lurking in among the ones and zeroes doesn't make you less secure."