Malwarebytes Users Battle Botched Protections Update
Bad Update Results in High Memory Usage, Blocked Sites and Crashing
Many Malwarebytes users had a busy weekend after a Saturday software update led their Windows systems to experience "out of memory" errors, high memory usage and, in some cases, crashing.
On Sunday, Malwarebytes pushed a fix for the problem. "The root cause of the issue was a malformed protection update that the client couldn't process correctly," Malwarebytes says in a security alert. "We have pushed upwards of 20,000 of these protection updates routinely. We test every single one before it goes out. We pride ourselves on the safety and accuracy of our detection engines and will work to ensure that this does not happen again."
The company says four of its products were affected:
- Malwarebytes for Windows Premium;
- Malwarebytes for Windows Premium Trial;
- Malwarebytes Endpoint Security (MBES);
- Malwarebytes Endpoint Protection (Cloud Console).
The security software company has now issued guidance for consumer users, as well as separate recommendations for corporate users of its on-premises and cloud-based products, so they can recover their systems and install a version of its updates that doesn't cause system instability.
Malwarebytes says anyone who didn't use their endpoint from Friday until after 11 am U.S. Pacific Time on Saturday will not have downloaded the faulty protection update.
Out-of-Memory Errors
One retail business owner in Scotland who uses Malwarebytes tells Information Security Media Group that the first signs of trouble came when his store's Windows PCs began reporting "out of memory" errors near the end of Saturday business hours. Thankfully, the systems, which handle point-of-sale transactions, could still be used for card payments. But the errors meant that the store lost real-time visibility into transactions.
The business owner says he took to Twitter to attempt to figure out what might be wrong, noting that Malwarebytes, unhelpfully, hadn't pinned its security alert to the top of its Twitter feed.
But he says he located a blog post from Malwarebytes explaining the problem and how to resolve it, which began by disabling the software's web protection feature. "It advised through a blog post to go into the dashboard, switch off web protection, download the patch and reinstall the software," he says. "But you had to reboot the system two to three times to clear everything out."
Another Malwarebytes user, posting to the company's forums, also reported seeing unexpectedly high memory usage. "I spent a ton of time earlier trying to fix this," the user posted on Sunday. "First real time protection off, and then the memory usage at 95 percent so it was freezing my system. Nice to read it now, wish there was something earlier."
Malwarebytes Apologizes
Malwarebytes has apologized for the bungled update. "All our updates go through rigorous internal testing, note our team is investigating what happened and will inform you," the company tweets. "We're sorry for any inconvenience this caused."
If you're experiencing any issues w/ your #Malwarebytes, pls follow the steps in this blog. All our updates go through rigorous internal testing, note our team is investigating what happened & will inform you. We're sorry for any inconvenience this caused: https://t.co/17Ycwp752c pic.twitter.com/kcmijP77sG
— Malwarebytes (@Malwarebytes) January 28, 2018
The security firm says the bungled update began with protection update version 1.0.3798, released Saturday for all versions of Malwarebytes for Windows.
"As endpoints updated to this release, customers noticed their machines were reporting many internet block notifications and a sudden large increase in RAM usage," the company says, adding that its customer service team immediately notified its engineering and research groups, which began investigating and quickly disabled the security update to try and limit the problem.
"A review of recent updates found that we had included in the Web Filtering Block List a detection with a syntactical error that resulted in the Web Filtering System to block a large range of IPs," Malwarebytes says.
The security firm says the problem was present in its protection updates, versions 1.0.3798 through v1.0.3802, or for MBES customers, v2018.01.27.03 through v2018.01.27.11. The problem was resolved with the release of protection update v1.0.3803, or for MBES customers, v2018.01.27.12.
Malwarebytes says its investigation into the flubbed update "will result in identification and implementation of changes to the release process of these detections, specifically - but not limited to - stricter verification and validation of detection syntax and scope."
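The "stricter verification and validation of detection syntax and scope" described above could take the form of a pre-release lint step over the block list. The sketch below is an added example, not Malwarebytes' code: the one-entry-per-line IP/CIDR format, the 256-address scope limit, the function names and the sample entries are all assumptions constructed for illustration.

```python
import ipaddress

# Assumed per-entry scope limit (a /24); a real limit would be a policy choice.
MAX_ADDRESSES = 256

# Constructed sample list in an assumed one-entry-per-line format.
SAMPLE_BLOCK_LIST = """\
# constructed entries using documentation address ranges
203.0.113.7
198.51.100.0/24
192.0.2.0/2
192.0.0.0/2
203.0.113.300
"""


def lint_block_list(text, max_addresses=MAX_ADDRESSES):
    """Return (accepted_networks, findings) for a block list.

    Each finding is a (line_number, entry, reason) tuple.
    """
    accepted, findings = [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not entry:
            continue
        try:
            # strict=True rejects a prefix that does not match the address,
            # e.g. "/2" typed where "/24" was meant.
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError as exc:
            findings.append((line_no, entry, f"syntax: {exc}"))
            continue
        if net.num_addresses > max_addresses:
            # Well-formed, but one detection would block far too much.
            findings.append(
                (line_no, entry, f"scope: covers {net.num_addresses} addresses"))
            continue
        accepted.append(net)
    return accepted, findings


def release_allowed(text, max_addresses=MAX_ADDRESSES):
    """Gate a release: the update ships only if the lint has no findings."""
    return not lint_block_list(text, max_addresses)[1]


if __name__ == "__main__":
    for line_no, entry, reason in lint_block_list(SAMPLE_BLOCK_LIST)[1]:
        print(f"line {line_no}: {entry!r} rejected ({reason})")
```

The syntax check and the scope check are kept separate because a single mistyped prefix length can yield an entry that parses cleanly yet covers a quarter of the IPv4 address space.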