U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

On Saturday Malwarebytes delivered a buggy update that caused excessive memory usage and crashes.

On Saturday Malwarebytes issued a buggy update to its home and enterprise products that caused serious problems for the users, including excessive memory usage, connectivity issues, and in some cases system crashes. A buggy update rolled out over the weekend by Malwarebytes to its home and enterprise products caused serious problem for the users, including […]

malwarebytes buggy update

On Saturday Malwarebytes issued a buggy update to its home and enterprise products that caused serious problems for the users, including excessive memory usage, connectivity issues, and in some cases system crashes.

A buggy update rolled out over the weekend by Malwarebytes to its home and enterprise products caused serious problem for the users, including excessive memory usage, connectivity issues, and in some cases system crashes.

Malwarebytes issued the buggy update on Saturday morning (PST) and according to the security firm the software was only available only for 16 minutes before it removed it.

“On the morning of Saturday, January 27th, 2018 protection update v1.0.3798 was released for all versions of Malwarebytes for Windows. As endpoints updated to this release, customers noticed their machines were reporting many Internet block notifications, and a sudden large increase in RAM usage” reads the Root Cause Analysis published by Malwarebytes.

“There are detection syntax controls in place to prevent such events as the one experienced in this incident. Recently we have been improving our products so that we can show the reason for a block, i.e. the detection “category” for the web protection blocks. In order to support this new feature, we added enhanced detection syntaxes to include the block category in the definitions. The unfortunate oversight was that one of the syntax controls was not implemented in the new detection syntax, which cause the malformed detection to be pushed into production.”

malwarebytes buggy update

Some users reported problems to their connections that were blocked by the security software after the installation of the buggy update. Another displeasing problems reported by the users is the abnormal memory usage, the process associated with the application had used up more than 10 Gb of the (RAM), in some cases were also observed system crashes.

http://securityaffairs.co/wordpress/wp-content/uploads/2018/01/malwarebytes buggy update

Malwarebytes confirmed that the broken detection was present in the update version v1.0.3798 thru v1.0.3802. (v2018.01.27.03 – v2018.01.27.11
for MBES customers).

The buggy update was issued to all software versions for Windows, below the list of affected versions:

  • Malwarebytes for Windows Premium
  • Malwarebytes for Windows Premium Trial
  • Malwarebytes Endpoint Security (MBES)
  • Malwarebytes Endpoint Protection (Cloud Console)

The problem was addressed with the v1.0.3803 (v2018.01.27.12 for MBES customers).

Affected users can follow the recovery solutions published by the company to remove the buggy update and install the correct one.

The company remarked that it pushes tens of thousands updates routinely testing each one before it is distributed.

“We have pushed upwards of 20,000 of these protection updates routinely. We test every single one before it goes out. We pride ourselves on the safety and accuracy of our detection engines and will work to ensure that this does not happen again,” Malwarebytes stated following the incident.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – security solution, antivirus)

[adrotate banner=”5″]

[adrotate banner=”13″]