rarGH !

 In ITC's Threat of the Week

There are many fantastic reasons for trusting the safety of your Windows systems to the very reasonably priced (£0 – as long as your O/S licencing, some of which may be eye wateringly pricey, is up to date, obvs) Microsoft Windows Defender.

It turns out that part of the Defender package, the bit that unpacks .rar attachments to be scanned for embedded nasties is a modified copy of the Open Source Unrar code. There is a theory that for reasons best known to themselves, the Microsoft devs apparently changed all of the signed variables in the code to be unsigned, introducing a monster memory corruption vulnerability. Conflicting stories however suggest that this bug is related to an older Unrar bug.

These bugs were discovered by the notorious security geek Halvar Flake (real name Thomas Dullien), who works for Google alongside Tavis Ormandy. If you were a fly on the wall in their real or virtual workspace, you would probably need to be a fly with a PhD, like Seth Brundlefly to understand a word.

Anyhow, the long and short of it is that unless your Windows Defender components are fully up to date, your systems will be vulnerable to malware embedded in specially crafted .rar files which are presumably on the production lines in all the usual places (mwahaha) as you read this.

Microsoft has released CVE-2018-0986, which lists the vulnerable products (it’s a big list), suggests that this update should have been applied automatically but recommends that you check that you are running Microsoft Malware Protection Engine version 1.1.14700.5 or later. Instructions for running that check are here.

As an aside, we remember there being issues with Unrar licencing in the past, most notably by the Fedora team, one can only assume that Microsoft has its ways and means!

As we lurch into the second quarter of 2018, (how quickly did that happen?), the subject of DNS security appears to be the next big thing in the thrilling world of Internet privacy and security. This week, Cloudflare pulled off a major coup in the DNS world, announcing that it has stood up a resolver at 1.1.1.1 which promises to be not only the fastest resolver on the planet but also the most secure with no query data being sold to advertisers and logs being deleted after 24 hours. Trump that Mr Google 8.8.8.8!

With secure DNS ‘standards’ such as DNS-over-HTTPS and DNS-over-TLS coming down the tunnel (see what we did there?), you can be sure to see glossy DNS product announcements from the usual suspects in the coming months. Who would have thought it, DNS being interesting? If you fancy some bedtime reading, the DNS bible should do the trick. Night Night.

As ever, the superstars at Sophos’ Naked Security have written a very comprehensive piece that covers the forthcoming DNS issues.

If you would like help with protecting and assuring the state of your estate (or to see what condition your condition is in),  ITC has some proven technologies and services to make your life easier. Contact us at: enquiries@itcsecure.com or call 020 7517 3900.

If you would like to discuss DNS security, use the same address but make sure you have drunk your bodyweight in high strength coffee, Jolt Cola or similar before you contact us with shaking fingers.

Author: Kevin Whelan

Recent Posts
Comments

Leave a Comment

totw