Microsoft Patches Fatal Flaw in Windows Antivirus Software

[Paul Wagenseil]

Microsoft rushes out emergency patch for fatal flaw that could have crashed or hijacked its own Windows antivirus software.

Microsoft Patches Fatal Flaw in Windows Antivirus Software : Read more

 

[spikey in tn]

Is this solely a Microsoft problem, or does JavaScript also have a key role that needs addressing?

 

[Paul Wagenseil]

Is this solely a Microsoft problem, or does JavaScript also have a key role that needs addressing?

Bad JavaScript makes this attack possible, but I don't think JavaScript is to blame.

 

[spikey in tn]

Is this solely a Microsoft problem, or does JavaScript also have a key role that needs addressing?

Bad JavaScript makes this attack possible, but I don't think JavaScript is to blame.

Perhaps I didn't sufficiently differentiate between whether JavaScript was an innocent carrier or an active participant. Regardless of which ultimately proves to be the case, one thing is certain - JavaScript is in the middle, whether actively or passively, of far too many attacks of all kinds. To me it has proven to be a hacker's dream because of how well it serves their purposes.

 

[rgd1101]

Is this solely a Microsoft problem, or does JavaScript also have a key role that needs addressing?

Bad JavaScript makes this attack possible, but I don't think JavaScript is to blame.

Perhaps I didn't sufficiently differentiate between whether JavaScript was an innocent carrier or an active participant. Regardless of which ultimately proves to be the case, one thing is certain - JavaScript is in the middle, whether actively or passively, of far too many attacks of all kinds. To me it has proven to be a hacker's dream because of how well it serves their purposes.

read the article
"The flaw has to do with how the Microsoft malware-detection engine, shared by Microsoft Security Essentials and Windows Defender, parses JavaScript, a common coding language used in web pages and other applications.
A malicious JavaScript command fed into the malware-detection engine's code analyzer in just the right way could affect the malware-detection engine itself. The JavaScript could arrive in a web page, instant message, tweet, email or any other format that would be monitored by antivirus software."

 

[Paul Wagenseil]

Is this solely a Microsoft problem, or does JavaScript also have a key role that needs addressing?

Bad JavaScript makes this attack possible, but I don't think JavaScript is to blame.

Perhaps I didn't sufficiently differentiate between whether JavaScript was an innocent carrier or an active participant. Regardless of which ultimately proves to be the case, one thing is certain - JavaScript is in the middle, whether actively or passively, of far too many attacks of all kinds. To me it has proven to be a hacker's dream because of how well it serves their purposes.

That's a viable argument, but JavaScript isn't half as dangerous as Java, which REALLY is at the middle of too many attacks of all kinds. You should really disable Java in the browser unless you absolutely need it.