Jump to content

dsanchez

Staff
  • Posts

    12
  • Joined

  • Last visited

Everything posted by dsanchez

  1. Hi @Torvald So sorry to hear that and I hope things go well soon. I have not received the email with the attached files maybe are too big. I think "wetransfer" will be a better idea but no worries at all. Whenever you can make it we will be here to fix the problem. Take care and thank you for all the effort you are making. Best regards
  2. Hi @Torval Thank you for the report you sent us. I would like to know whether word crashes when tries to open the document or not. Windows can generate a crash dump report file when an App crashes by adding this registry key. Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps] "DumpFolder"=hex(2):25,00,4c,00,4f,00,43,00,41,00,4c,00,41,00,50,00,50,00,44,00,41,00,54,00,41,00,25,00,5c,00,43,00,72,00,61,00,73,00,68,00,44,00,75,00,6d,00,70,00,73,00,00,00 "DumpCount"=dword:00000032 "DumpType"=dword:00000001 You can open the notepad.exe copy and paste the info above and save the files as dump.reg then you just doble-click on it to add the registry key. You will need to turn the AntiExpoit on and it would be better if you restart you competer before you test the issue again. If word crashes then Windows will generate a crash dump file (in this folder %LOCALAPPDATA%\CrashDump) of the issue that we would dig into it to find the real problem and fix it as soon as posible. you can zip up the genarated files and send them to me to dsanchez@malwarebytes.com Also, if there is no problem to send us the file (or the url) you are trying to open with Word we can also check in our lab and try to repo the issue. sorry for any inconvenience this may cause Many thanks David
  3. Hi @CKMorgus and @hatesallbugs Process Hollowing is already fixed in 1.12.X.124. Could you update to that version? Best regards David Sánchez
  4. Hi all, @Skunk1966 helped us to fix the issue, so as soon as possible the new version will be released for all of you. We really appreciate the kind help offered by @Skunk1966 to solve this issue. Best regards
  5. Hi @RuitBier @Skunk1966 @zubairahmed It seems that Microsoft might have updated something in their Office apps (or Windows) that makes this issue. We are working to fix it as soon as possible. Actually, we do have a new release that gets some extra info from the false positive but nothing related to the user nor to his/her machine. We created this version because we are not able to reproduce the same issue in our lab so far. If you are willing to try this version on your machine and send me back the logs, please drop me an email to dsanchez@malwarebytes.com Thank you David Sánchez
  6. Hi @Skunk1966 Thanks for the information and sorry for any inconvenience you have had, we are working hard to fix the issue as soon as possible. Regards David Sánchez
  7. Hi @AdamM and @DanielC Thank you for letting us know. I checked the issue and fixed it and I am glad to tell you that next release will fix the issue. Best regards David
  8. Hi @zubairahmed Thank you for letting use know. We are currently working on it. However, could you tell me which Office version you are working with? so, we will be able to check your case closely. Best regards Thank you.
  9. Hi @motjr During this month we will release a new version that already fixes that issue. Sorry for any inconveniences. Best regards
  10. Hi Forrest. Thank you for letting use know. I'm personally looking at the issue but please could you tell me the version of Windows too? Best Regards
  11. Hi @AdamM Thank you for letting us know. I will fix it as soon as posible. Instead of disabling the whole protections you might only want to turn the "Memory Patch Hijacking Protection" off in the meantime. Please, let me know if it works for you while we are fixing it. Best regards David Sánchez
  12. Hi @MisterWeather There are some articles on Internet that are a bit misleading because this vuln only affects when the System-wide Mandatory-ASLR configuration is enabled. You might not be affected by it because it is not enabled by default. Although MBAE bottom-up ASLR might help it will depend on whether the operative system takes advantage of MBAE's protection. Of course, that Bottom-up ASLR is another security layer that you might turn it on to protect your shielded application but keep in mind that not all the applications are not compatible with it. Best regards David Sánchez Malwarebytes Anti-Exploit Security Team Senior Security Researcher & Developer
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.