The Technology section is published with the support of Favbet Tech
Greg Linares shared a funny story on X about how he and his teammates announced a major zero-day vulnerability in Office 2007. However, it turned out that it was an error on their part. To save their reputation, their jobs, and maybe even their business, they had to go out of their way to find the real mistake. This happened in late 2006 when Linares was working with digital security firm eEye and they were testing the new Microsoft Office suite for vulnerabilities.
eEye is one of the leading threat management agencies and its task was to check whether the latest version of the office suite had any zero-day flaws. Within 36 hours of launch, Linares discovered a bug in the Word Art object conversion function. He forwarded this finding to his supervisor, Mark Meiffret, who agreed with Linares' discovery and forwarded it to the Microsoft Security Response Center (MSRC). At the same time, eEye published several press releases about the bug, and several major news outlets covered the story based on eEye's announcement.
Im in a half passed out state, filled with delirium, pizza half in my hand barely conscious when I hear a fuzzer really hit
I spill a mountain dew code red while I come back into consciousness
— Greg Linares (Laughing Mantis) (@Laughing_Mantis) June 8, 2024
But soon David LeBlanc, who was one of the main security experts and worked on Office 2007, noticed that the bug could only be exploited if a debugger was attached to the program. But in typical use of a software package by average users, this almost never happens. This meant that Greg Linares' discovery was a false positive, so eEye had to withdraw its ads.
By this time, Greg had been working at eEye for less than two months and was feeling devastated because his mistake could potentially cost the company its reputation and his position in the company. eEye would have to withdraw its announcement.
Online course “Illustration Basis” from Skvot. From software and basics of illustration to the first clients. Adobe Photoshop, Adobe Illustrator and Procreate. Find out how to develop a distinctive brand, find clients and evaluate your work properly. About the course
But Mark had another idea: Instead of retracting the press release, he told the research team to find him a new zero-day bug in Office 2007 as soon as possible. Meanwhile, eEye stalled, telling MSRC that the team had sent the wrong file and would provide an update soon.
So Linares started manually fuzzing—or accidentally inserting invalid and unexpected data—into the Office suite to try to find something. The entire research group helped him in this. None of the team left the office for several days, and their wives and partners were very worried about them. They kept trying until they found another bug to confirm their first announcement.
After four days of various attempts, the bug was finally found and reproduced – a complete overwrite of the extended instruction pointer, which allowed the team to take control of the program. Other team members began looking into the source of the bug and discovered that it affected Microsoft Publisher. After retesting the vulnerability using a debugger and a new operating system, the team confirmed the bug.
The team then reported the new vulnerability to MSRC and conducted full demonstrations of the vulnerability and confirmed their findings to the press. Microsoft then confirmed it, and after that eEye wrote an advisory message about the details of the vulnerability. The company did not have to retract its initial announcement; Greg retained his job at eEye as a security researcher and has been working in the information security industry for nearly 20 years.
Favbet Tech is IT a company with 100% Ukrainian DNA, which creates perfect services for iGaming and Betting using advanced technologies and provides access to them. Favbet Tech develops innovative software through a complex multi-component platform that can withstand enormous loads and create a unique experience for players. The IT company is part of the FAVBET group of companies.