On June 10th, a researcher working for Google publically released details about a flaw in Microsoft’s Help and Support Center.  The flaw exists due to improper sanitization of URI’s in the HCP protocol handler.  If exploited, an attacker would be able to execute arbitrary commands on a victim’s machine.

This vulnerability disclosure has fueled an intense debate amongst security professionals on responsible disclosure, as the Google researcher only allowed Microsoft 5 days before going public with the flaw details.  If we look at previous cases of responsible disclosure, we see an average of 5 months given to vendors before a patch and coordinated disclosure is publically released.  This timeframe is extremely vital, as vendors need an adequate timeframe to research, patch, and QA check their proposed solutions.

As I’m sure you all know by now, cyber criminals are quick to adapt new exploit methods and in this case it literally took one day before we started seeing examples being exploited in the wild.   Irresponsible disclosure is a tricky situation for any Anti-Malware company, as our number one duty is to protect our users at any cost.  This is precisely why we develop proactive technologies, which are able to detect and block any type of malicious 0day activity without the need of a signature file.

Here is a video demonstrating TruPrevent’s KRE (Kernel Rule Engine) technology in action:

If you’re interested in learning more about TruPrevent technology, then I recommend reading these two blog posts by our Senior Research Advisor, Pedro Bustamante.