Microsoft arms against PUA attack and represents an in-built protection feature with the upcoming May 2020 (v2004) update
Microsoft introduces Windows 10 users with a new security feature allowing them to protect PCs from Potentially Unwanted Programs (PUP). The company officially introduced the feature on May 12, 2020, on the Microsoft Support website and expects that the security features will successfully unravel with the upcoming Windows 10 May 2020 update.
In the cybersecurity world, the term Potentially Unwanted Application (PUA) or PUP is less know if compared to viruses, trojan, RAT, or spyware. And that is understandable. PUA group of programs are non-malicious cyber infections and the classification is mainly reputation-based.
Applications are internationally classified as PUPs due to misleading behavior, such as bundling distribution, disguised installation setup, advertising content, or unauthorized changes within a web browser.
This feature has been present on Windows Defender for many years, though enabling it required modifications to the group policies. The current PUA block feature will be present on Windows 10 settings under the following patch:
Settings > Update & Security > Windows Security > App & browser control > Reputation-based protection settings
The application is turned off by default. Those who want to keep PCs and other Windows 10 devices PUA-free will have to enable it once the Windows 10 May 2020 (v2004) version gets installed.
The PUA block feature allows blocking downloads and apps. However, real-time PUA protection feature works with the new Chromium-based Microsoft Edge browser only. The user can enable settings on edge://settings/privacy to program Edge detect and block PUA download process.
While the lock download function is available since March 2020, block apps function is an addition to ensure PUA protection for those who are using other web browsers than Microsoft Edge. When enabled, the feature makes the Windows Security system to display an alert warning about a recent PUA installation.
Increase in vulnerability and other side effects that potentially unwanted programs cause
The word 'potential' in the term Potential Unwanted Application indicates a low-danger level of the software. However, AV vendors include certain programs into the database of PUA since they tend to affect endpoint performance and may sometimes serve as a backdoor for viruses.
Microsoft separates cyber threats into two huge groups, i.e. malicious software and unwanted software. A program has to exhibit the following behavioral traits to fall for the PAU category and AV database:
- Lack of choice. The software fails to provide prominent notices about its installation and performance
- Lack of control. The software revokes authorization on the system and allows itself to start, stop, or otherwise perform without permission
- No direct uninstaller. No straightforward way to uninstall the software. No standard Add/Remove Programs feature
- Aggressive advertising. Ads triggered by software must be signed and have a way to close them. Ads should not mislead, contain malicious codes or invoke file downloads
- Poor reputation among users. Based on users' reviews the company creates Security intelligence for software that meets the above criteria and includes it in the Windows Defender antimalware database.
The truth is that there are many innocent PUA that does as much as spread bundled with freeware. However, there are many aggressive adware-type or browser hijacker-type malware that has behaviors or aspects that can entice users into installing another unwanted application or even virus. PUA may sometimes display aggressive ads, redirect to phishing domains, implement social engineering strategies that seek to harvest user's personal information (via rogue online surveys and prize giveaways), and, in general, affect endpoint performance.
Having PUA on the system decreases performance due to multiple additional background processes and increases PC's vulnerability at the same time. Redirects to rogue websites, tech-support scams, fake software updates, click-to-download ads, and similar means employed by many PUAs may result in accidental virus execution.
Microsofts addresses 111 vulnerabilities for May Patch Tuesday
In addition to the realization of setting changes and new features, the latest May Patch Tuesday update released fixes for 111 security vulnerabilities. According to the company, 96 important vulnerabilities and 16 critical bugs. Good to know that none of the critical vulnerabilities have been exploited for cyber attacks.
The update released at the beginning of May patches the following:
- CVE-2020-1117 Microsoft Color Management Remote Code Execution Vulnerability
- CVE-2020-1126, CVE-2020-1028, CVE-2020-1136, and CVE-2020-1150 | Media Foundation Memory Corruption Vulnerability
- CVE-2020-1118 | Microsoft Windows Transport Layer Security Denial of Service Vulnerability
- CVE-2020-1023 and CVE-2020-1024 | Microsoft SharePoint Remote Code Execution Vulnerability
- CVE-2020-1069 | Microsoft SharePoint Server Remote Code Execution Vulnerability
- CVE-2020-1054 and CVE-2020-1143 | Win32k Elevation of Privilege Vulnerability
- CVE-2020-1135 | Windows Graphics Component Elevation of Privilege Vulnerability
- CVE-2020-0901 | Microsoft Excel Remote Code Execution Vulnerability
- CVE-2020-1171 and CVE-2020-1192 | Visual Studio Code Python Extension Remote Code Execution Vulnerability
- CVE-2020-1153 | Microsoft Graphics Components Remote Code Execution Vulnerability
These are the critical vulnerabilities that feature a high risk of exploitation by criminals. Therefore, since the May 2020 update, aka Windows 10 20H1 and Windows 10 build 2004 has already started rolling out in phases, users can try to Check for Updates option right now. The update is expected to reach all end-users after the May 28th. If the system is set to download updates automatically, no extra steps have to be taken for the update installation.