Latest Windows patch having problems with a growing number of anti-virus software

A range of fixes and workarounds have been published.

This is a colorized transmission electron micrograph (TEM) of an Ebola virus virion. (Cynthia Goldsmith)

Enlarge / This is a colorized transmission electron micrograph (TEM) of an Ebola virus virion. (Cynthia Goldsmith) (credit: CDC)

The most recent Windows patch, released April 9, seems to have done something (still to be determined) that's causing problems with anti-malware software. Over the last few days, Microsoft has been adding more and more anti-virus scanners to its list of known issues. At the time of writing, client-side anti-virus software from Sophos, Avira, ArcaBit, Avast, and most recently McAfee are all showing problems with the patch.

Affected machines seem to be fine until an attempt is made to log in, at which point the system grinds to a halt. It's not immediately clear if systems are freezing altogether, or just going extraordinarily slowly. Some users have reported that they can log in, but the process takes ten or more hours. Logging in to Windows 7, 8.1, Server 2008 R2, Server 2012, and Server 2012 R2 are all affected.

Booting into safe mode is unaffected, and the current advice is to use this to disable the anti-virus applications and allow the machines to boot normally. Sophos additionally reports that adding the anti-virus software's own directory to the list of excluded locations also serves as a fix, which is a little strange.

Read 3 remaining paragraphs | Comments

Attack code exploiting Android’s critical Stagefright bugs is now public

Google and partners sought delay releasing a patch.

Attack code that allows hackers to take control of vulnerable Android phones finally went public on Wednesday, as developers at Google, carriers, and handset manufacturers still scrambled to distribute patches to hundreds of millions of end users.

The critical flaws, which resides in an Android media library known as libstagefright, give attackers a variety of ways to surreptitiously execute malicious code on unsuspecting owners' devices. The vulnerabilities were privately reported in April and May and were publicly disclosed only in late July. Google has spent the past four months preparing fixes and distributing them to partners, but those efforts have faced a series of setbacks and limitations.

For one thing, some of the fixes—for instance, new versions of Hangouts and Messenger that blocked automatic processing of multimedia files sent over the MMS text protocol—were little more than Band-Aids. They blocked one of the most frightening of the attack scenarios while doing little to prevent others, such as exploits that relied on a user browsing to a malicious website. Also problematic, even when patches fixing the underlying cause were available to end users, at least one of them patching a flaw indexed as CVE-2015-3864 was so flawed that attackers can exploit the vulnerability anyway. Android apps such as this one from Zimperium—the security firm that first disclosed the Stagefright bugs—show that a Nexus 5 phone running all available patches remained wide open at the time this post was being prepared.

Read 2 remaining paragraphs | Comments