A bug caused by a programming mistake in AMSI (Antimalware Scan Interface) has been revealed by Satoshi Tanda of CrowdStrike. He has written a detailed study of how the AMSI bug can be used by malware to stay hidden from antivirus scans: http://standa-note.blogspot.com/2018/02/amsi-bypass-with-null-character.html.
AMSI is a new feature introduced in Windows 10 that allows all antivirus products to keep tabs on various events and to detect malicious objects. Antivirus software mainly uses it to scan scripts being run in Windows 10. However, AMSI did not account for scripts containing a null character: it truncated the contents at the first null character before sending them to the antivirus software for scanning. This effectively allowed a malicious script to stay undetected by the antivirus software installed on your PC.
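
The truncation described above is the familiar hazard of treating a length-counted buffer as a NUL-terminated C string. The following is an added example, not code from AMSI or from the linked study: a toy scanner that compares the two hand-offs on a constructed buffer, plus a defensive check that reports an embedded null. All function names and the sample content are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: script text with an embedded NUL byte.
   "FLAGGED_TOKEN" stands in for content a scanner would flag. */
static const char SAMPLE[] = "Write-Host 'hello'\0FLAGGED_TOKEN";
static const size_t SAMPLE_LEN = sizeof(SAMPLE) - 1; /* drop the literal's final NUL */

/* Number of bytes visible when the buffer is read as a C string. */
size_t c_string_view(const char *buf, size_t len) {
    const char *nul = memchr(buf, '\0', len);
    return nul ? (size_t)(nul - buf) : len;
}

/* Length-aware substring search; works on buffers that contain NULs. */
int contains(const char *buf, size_t len, const char *needle) {
    size_t n = strlen(needle);
    if (n == 0 || n > len) return 0;
    for (size_t i = 0; i + n <= len; i++)
        if (memcmp(buf + i, needle, n) == 0) return 1;
    return 0;
}

/* Truncating hand-off: the scanner only receives bytes before the first NUL. */
int scan_as_c_string(const char *buf, size_t len, const char *needle) {
    return contains(buf, c_string_view(buf, len), needle);
}

/* Length-aware hand-off: the scanner receives all len bytes. */
int scan_with_length(const char *buf, size_t len, const char *needle) {
    return contains(buf, len, needle);
}

/* Defensive check: bytes a C-string view would hide (0 = no embedded NUL). */
size_t hidden_bytes(const char *buf, size_t len) {
    return len - c_string_view(buf, len);
}

int main(void) {
    printf("truncating scan flags sample:   %d\n",
           scan_as_c_string(SAMPLE, SAMPLE_LEN, "FLAGGED_TOKEN"));
    printf("length-aware scan flags sample: %d\n",
           scan_with_length(SAMPLE, SAMPLE_LEN, "FLAGGED_TOKEN"));
    printf("bytes hidden from C-string view: %zu\n",
           hidden_bytes(SAMPLE, SAMPLE_LEN));
    return 0;
}
```

A non-zero `hidden_bytes` result on script content is worth flagging by itself, since script text has no legitimate reason to carry a null byte in the middle.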
This feature is available only in Windows 10, which is why only Windows 10 users are affected by this vulnerability. The bug affects Microsoft's own Windows Defender as well as all third-party antivirus products that make use of AMSI.
Microsoft has already released a patch to fix this vulnerability in the February 2018 monthly updates. The update is available through Windows automatic updates and will be installed automatically on your Windows 10 PC. You can also download it manually and install it yourself by visiting https://www.catalog.update.microsoft.com/Search.aspx?q=windows%2010%202018-02%20cumulative. You will have to download the security update for your version and architecture of Windows 10.
If you are using an older version of Windows 10, you may not receive updates in the future. Microsoft recommends that you update your Windows 10 system to the latest Windows 10 version. At this moment, the latest version of Windows 10 is version 1709. You can download the latest up-to-date ISO for Windows 10 version 1709 using the Windows ISO Downloader tool.