Microsoft Security Under Scrutiny After Recent Incidents
Microsoft is struggling through a rough July for security issues even as the company continues to add more cybersecurity capabilities through acquisitions.
Microsoft and Security
The bad luck streak harkens back to the days a decade or more ago when Microsoft was seen as a company that was more concerned with the features it could add to its dominant operating systems than with the security of the OS. But that would be an unfair assessment, according to Chris Gonsalves, vice president of research at Channelnomics, adding that Microsoft is better at security now than at any other point in its history.
Gonsalves noted that Microsoft’s actions around both the Print Spooler and SeriousSAM vulnerabilities have been good, both in the company’s mitigation responses and its interactions with the researchers in the industry.
“If you get hit with three things in a month, it’s kind of kismet,” he told eSecurity Planet. “It is a critical mass of those things and it seems overwhelming. It seems like things are really bad. The other part of it is a lot of people are banging around the edges of Microsoft right now because Windows 11 is on the horizon. At least in a couple of cases here, these research programs began as folks looking at beta code for Windows 11 and discovering things that ultimately retrograded back to Windows 10. But they were essentially looking for things in Windows 11 and that activity on the cusp of what’s going to be a very high-profile rollout of the most popular operating system on the planet is also a part of this.”
User Experience at Issue
Channelnomics’ Gonsalves said the flaws are serious but it’s doubtful that there will be a rush among bad actors to take advantage of them, at least in the short term.
“There are exploits in the wild now, but these are the products of what you would expect to see from a robust research community banging away at stuff and dutifully notifying,” he said. “We hear more about this than the hoi-polloi of cybercriminals, who continue to leverage things that are older than you and me.”
Some of these vulnerabilities were the result of Microsoft trying to improve the user experience in Windows.
“Part of the issue with something like PrintSpooler is that it was not a great program,” Gonsalves said. “The same with SeriousSAM. Fundamental errors were made and if you take apart the motivations for those programming errors, it was really an effort to make things easier for users.”
With Print Spooler, “you want somebody who doesn’t have admin rights to at least be able to choose a printer and install a printer driver to get their work done,” he said. “What you didn’t think through is that if you do that and [an attacker is] able to copy the envelope where the drivers live and spoof the drivers and run other kinds of unauthorized code, you have a privilege escalation problem on your hands. They didn’t think that through. So it’s not great programing, but they were trying to make life easier for the users.”
By Jeff Burt
Read the entire article, Microsoft Security Under Scrutiny After Recent Incidents, at esecurityplanet.com.