This is not the first time that a security flaw in the anti-malware module of Windows 10 has endangered the security of users. As recently as December 2017, Microsoft announced the release of an important security patch to correct a flaw in the Windows 10 anti-malware engine. Now Microsoft is once again being discussed by security experts because of a new flaw related to the anti-malware software in the latest version of its operating system.
On this occasion, the flaw lies in the Anti-Malware Scan Interface (AMSI) component of Windows 10. AMSI allows an application to send any file to be scanned by the local antivirus (either Windows Defender or any third-party antivirus installed on the system) and to receive the results once the file has been analyzed. Although this tool can be used to analyze any type of file, Microsoft designed it especially to analyze PowerShell, VBScript and Ruby scripts, among others, which can easily include functions to evade the conventional analysis systems of the antivirus.
Anti-Malware Scan Interface stops scanning a script after a NULL character
As security experts have shown, the flaw in Windows Defender is that the scanning engine starts to analyze a file or script but, when it encounters a NULL character, it stops analyzing the script and treats it as clean.
In this way, attackers could hide malicious code after this NULL character so that, even though the script is scanned, the malicious code goes unnoticed and is not detected.
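The behaviour described above can be modelled and tested for. The following Python sketch is an added example, not code from Microsoft or from the researchers: `truncating_scan`, `full_scan`, `stops_at_nul`, `embedded_nul_offset` and the harmless marker string are hypothetical names constructed for illustration.

```python
from typing import Callable, Optional

# Constructed, harmless stand-in for content a scanner is expected to flag.
MARKER = b"CONSTRUCTED-TEST-SIGNATURE"

def truncating_scan(buf: bytes) -> bool:
    """Models the flawed behaviour: only bytes before the first NUL are seen."""
    visible = buf.split(b"\x00", 1)[0]
    return MARKER in visible

def full_scan(buf: bytes) -> bool:
    """Models the corrected behaviour: the whole buffer is inspected."""
    return MARKER in buf

def stops_at_nul(scan: Callable[[bytes], bool]) -> bool:
    """Regression check: True if `scan` misses the marker once a NUL precedes it."""
    prefix = b"Write-Output 'hello'\n"
    if not scan(prefix + MARKER):
        raise ValueError("scanner does not detect the marker even without a NUL")
    return not scan(prefix + b"\x00" + MARKER)

def embedded_nul_offset(buf: bytes) -> Optional[int]:
    """Character offset of the first NUL that is followed by more content.

    UTF-16 scripts contain NUL *bytes* legitimately, so the buffer is decoded
    first (by BOM) and the check looks for a U+0000 code point instead.
    Trailing NUL padding is ignored.
    """
    if buf[:2] in (b"\xff\xfe", b"\xfe\xff"):
        text = buf.decode("utf-16", errors="replace")
    else:
        text = buf.decode("utf-8", errors="replace")
    idx = text.find("\x00")
    if idx == -1 or not text[idx + 1:].strip("\x00 \t\r\n"):
        return None
    return idx

if __name__ == "__main__":
    for name, scan in (("truncating", truncating_scan), ("full", full_scan)):
        print(name, "stops at NUL:", stops_at_nul(scan))
    print("first embedded NUL:", embedded_nul_offset(b"Get-Date\n\x00hidden part"))
```

Flagging scripts for which `embedded_nul_offset` returns a value gives a simple triage signal, since text scripts have no ordinary reason to contain a NUL followed by further content.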
How to protect ourselves from this security flaw in Windows 10
Microsoft had already been aware of this security flaw for some time and, with the release of its latest security patches last week, the company fixed the vulnerability described above. Therefore, to protect ourselves from this flaw, we must make sure that our Windows 10 is updated with the latest security patches available, specifically the security patches of February 2019. If these updates are installed, we do not have to worry, since the flaw will have been fixed. If we have not yet installed the latest Windows 10 updates, we must do so as soon as possible in order to remain safe and prevent malware from endangering our security. Installing the patch is the only way to protect ourselves from this flaw; no other option is available. In addition, security experts recommend that the engineers of the main antivirus vendors review their products to verify that they do not, as Microsoft's anti-malware did, stop analyzing scripts upon reaching a NULL character.