New Python ransomware called HolyCrypt Discovered

A new ransomware called HolyCrypt has been discovered by AVG malware analyst @JakubKroustek. This ransomware is written in Python and compiled into a Windows executable using PyInstaller. This allows the developer to distribute all of the necessary Python files as a single executable. [...]

Running any of these security suites? You could be in serious trouble

A good number of internet security suites carry worrying flaws that could leave users open to exploit, according to some new research.

Cybersecurity firm enSilo found no fewer than six common problems which affect over 15 different AV products, all of which derive from the errant implementation of code hooking (used to monitor operating system functions) and injection techniques.

Microsoft's Detours, the most widely used hooking engine, is affected.

Attackers can use these flaws to get around Windows (or other apps) mitigations against exploits, and the affected security suites include many of the major players such as AVG, Avast, Bitdefender, Kaspersky, McAfee, Symantec, Emsisoft and Webroot among others.

All of these antivirus makers have been informed, and some have moved to fix the issue in the last month, enSilo noted – without specifying any names. The bad news is that patching this one up involves recompiling the product in question, so it's far from a trivial fix.

Millions affected

It's not just security suites which are hit by this, either, as the Detours hooking engine is used by many software makers, so this flaw could affect a large number of other programs and potentially millions of users.

In a blog post, enSilo observed: "Most of these vulnerabilities allow an attacker to easily bypass the operating system and third-party exploit mitigations. This means an attacker may be able to easily leverage and exploit these vulnerabilities that would otherwise be very difficult, or even impossible, to weaponise.

"The worst vulnerabilities would allow the attacker to stay undetected on the victim's machine or to inject code into any process in the system."

The good news, such as it is, is that Microsoft has a patch to address this inbound for Detours next month. And hopefully security firms are on the ball with their own fixes – it might be a good idea to get in touch with your provider to check up on whether these issues have been addressed.

Via: PC World

Office 365 is becoming more and more popular

Office 365 is going from strength to strength, according to some new numbers released along with Microsoft's latest fiscal results.

The cloud-based productivity suite now has 23.1 million subscribers, no less – not bad considering that at the end of 2014, just a year and a half ago, the number of Office 365 users was 9.2 million.

Redmond also said that revenue from Office consumer products and cloud services was up 19% year-on-year, making a worthy contribution to the company's total revenue of $20.6 billion (around £15.7 billion, AU$27.5 billion) for the quarter running up to the end of June.

Office commercial products and cloud services picked up 5% growth, which Microsoft says was driven by Office 365's commercial revenue growth of 54%.

No Azure blues

Azure revenue was also very healthy, more than doubling up with a rise of 102% year-on-year – and Azure compute usage also doubled.

As for Surface devices? These hybrids saw revenue increase 9% year-on-year, mainly driven by sales of the new pieces of hardware (Surface Book and Surface Pro 4) which made up for the fizzling Surface 3.

Commenting on his company's performance, chief executive Satya Nadella said: "This past year was pivotal in both our own transformation and in partnering with our customers who are navigating their own digital transformations. The Microsoft Cloud is seeing significant customer momentum and we're well positioned to reach new opportunities in the year ahead."
