Days before the current WannaCry ransomware outbreak, Google Project Zero researcher Tavis Ormandy took to Twitter on May 6 to reveal that he and a colleague had found a serious flaw in the Microsoft Malware Protection Engine that ships with Windows, one that was, in his words, "crazy bad."
Upon receiving the report, Microsoft's security response team spent the weekend developing a fix for the vulnerability, a memory-corruption bug in the engine's built-in JavaScript interpreter that is triggered simply by scanning a specially crafted file. The fix was released on Monday as an engine update, delivered through the same automatic update channel as malware definitions, along with a list of products that were affected, including: Microsoft Forefront Endpoint Protection 2010, Microsoft Endpoint Protection, Microsoft Security Essentials, Microsoft System Center Endpoint Protection, and more.
Additionally, Microsoft confirmed that the flaw allowed an attacker to run arbitrary code inside the scanning engine itself, which runs with LocalSystem privileges. That engine powers Windows Defender, the antivirus software built directly into Windows, so a successful exploit hands the attacker full control of the machine rather than merely switching the antivirus off. The affected versions of Windows Defender included those built into Windows 7, 8.1, and 10.
What makes the bug so dangerous is that the engine scans files as soon as they land on disk. An attacker needs no physical access to the device and does not even have to lure the user into opening an attachment or visiting a malicious website, the two mistakes Windows Defender normally guards against. Sending a crafted file by email or instant message, or having a web page cause the browser to download it, is enough, because real-time protection scans it automatically. Any machine running the vulnerable engine with real-time protection enabled and able to receive attacker-controlled content was therefore exposed.
Although Microsoft developed a patch so quickly that Ormandy offered them endless "kudos," it is entirely possible for such a lapse in security to happen again. After all, antivirus programs are just as susceptible to bugs as any other software, and because they parse untrusted input with high privileges, their bugs are unusually valuable to attackers. Recent issues with McAfee and FireEye products illustrate the point, as does the "DoubleAgent" technique, which abuses the Windows Application Verifier mechanism to load attacker-controlled code into antivirus processes, effectively turning the antivirus software into malware.
Luckily, this particular incident did not escalate to that degree: the fix shipped before any exploitation in the wild was reported. Users and administrators should nonetheless confirm that automatic engine and definition updates are actually being applied, and remain cautious with suspicious emails and files, since an antivirus program can itself be the vulnerable component.
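As an added example, not taken from the article or from Microsoft, the following PowerShell script verifies on a Windows 8.1/10 machine that the Malware Protection Engine is at or above the version Microsoft listed as fixed for this flaw (CVE-2017-0290, engine 1.1.13704.0, per Microsoft's advisory 4022344), that real-time protection is enabled, and that signatures are not stale, and pulls an update if not. It uses the built-in Defender module (Get-MpComputerStatus, Update-MpSignature); the three-day signature-age threshold is an assumed site policy, and the update step must run in an elevated session. Windows 7 with Microsoft Security Essentials has no such module; there, the engine version is shown under Help > About in the MSE window.

```powershell
# Added example (not from the article): check and remediate the Malware
# Protection Engine version on a Windows 8.1/10 host.
# Requires the Defender PowerShell module; Update-MpSignature needs admin rights.

$FixedEngine   = [version]'1.1.13704.0'   # first fixed engine version per Microsoft advisory 4022344
$MaxSigAgeDays = 3                        # assumed site policy for signature staleness

$status = Get-MpComputerStatus -ErrorAction Stop

# If another antivirus has disabled Defender, the engine fields come back empty
# and the [version] cast below would throw, so bail out with a clear message.
if ([string]::IsNullOrEmpty($status.AMEngineVersion)) {
    Write-Error "Defender engine is not active on this host (another AV product may own real-time protection)."
    return
}

$engine = [version]$status.AMEngineVersion
$sigAge = (New-TimeSpan -Start $status.AntivirusSignatureLastUpdated -End (Get-Date)).Days

$report = [pscustomobject]@{
    EngineVersion      = $engine
    EnginePatched      = ($engine -ge $FixedEngine)
    RealTimeProtection = $status.RealTimeProtectionEnabled
    SignatureVersion   = $status.AntivirusSignatureVersion
    SignatureAgeDays   = $sigAge
}
$report | Format-List

# Remediate: an engine below the fixed version, or stale signatures, means the
# automatic update channel is not working and the host is still exposed.
if (-not $report.EnginePatched -or $sigAge -gt $MaxSigAgeDays) {
    Write-Warning "Engine $engine is below $FixedEngine or signatures are $sigAge days old; requesting an update now."
    Update-MpSignature -ErrorAction Stop    # fetches engine and definition updates from Microsoft Update / WSUS
    $after = Get-MpComputerStatus
    Write-Host ("After update: engine {0}, signatures {1}" -f $after.AMEngineVersion, $after.AntivirusSignatureVersion)
    if ([version]$after.AMEngineVersion -lt $FixedEngine) {
        Write-Error "Engine is still below the fixed version; check WSUS/Windows Update connectivity and the WinDefend service."
    }
}

# Real-time protection being off removes the scan-on-arrival trigger the article
# describes, but on-demand and scheduled scans still run the same engine, so the
# version check above matters regardless.
if (-not $status.RealTimeProtectionEnabled) {
    Write-Warning "Real-time protection is disabled; files are not scanned on arrival, but scheduled scans still use this engine."
}
```

Run it from an elevated PowerShell prompt; in a fleet, the same logic can be pushed through Invoke-Command and the EnginePatched field collected per host to find machines whose update channel is silently broken.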