How Microsoft is fixing Windows 10 memory bugs

Don Sharpe
by Don Sharpe
Author
Loading Comments
Download PDF
Affiliate Disclosure

  • Microsoft has explained how it uses automatic memory initialization to fix specific Windows 10 memory bugs.
  • The InitAll security feature auto-initiates certain variable types.
  • Check out our security page to learn more about software/hardware bugs and their fixes.
  • Don't forget to visit our Windows 10 section for the latest updates.
Windows 10 flaws

Microsoft has explained how it uses automatic memory initialization to fix specific Windows 10 memory bugs. The vulnerabilities in question have been on the rise lately, especially in software developed using C or C++.

Windows 10 memory bugs

The problem with uninitialized memory is that there is no telling the true nature of the values it contains. Malicious actors can exploit it to cause harm, such as the breach of confidentiality or data theft.

Not all programming languages, for example, C++, make memory initialization mandatory. Their creators did not have bad intentions, though.

They just wanted to create a performance-oriented resource, and also to give programmers a bit of leeway.

The flipside of it is the Windows 10 memory bugs Microsoft has been trying to eliminate. The company said that these types of problems constituted 5-10% of the security issues it dealt with between 2017 and 2018.

Automatic initialization

Microsoft developed InitAll as a tool for enforcing automatic memory initialization. The security feature targets data structures, arrays, and scalars.

According to the company, the following components are subject to automatic initialization:

  1. All kernel-mode code (i.e. anything compiled with /KERNEL) in the Windows code repository
  2. All Hyper-V code (hypervisor, kernel-mode components, user-mode components)
  3. A variety of other projects such as networking related user-mode services

Enforcing memory initialization for kernel-mode code is certainly a welcome idea. In the hands of a bad actor, such low-level system instructions or programs can cause a lot of havoc.

Due to performance issues, Microsoft said that InitAll does not apply to all variable types, yet.

Methods that did not work

Microsoft has deployed static methods to detect uninitialized variables. These have not always snuffed out all threats. Also, fuzzy techniques are not ideal, especially when you are probing a massive system, such as the Windows OS.

Code review does not work either. For starters, it is prone to error. Secondly, it is difficult to scale.

Hopefully, Microsoft will perfect the InitAll feature soon enough to fix all Windows 10 memory bugs.

You can always get back to us with any questions or suggestions in the comments section below.