Microsoft open-sources fuzzing tool used for bug-ridden Windows 10

Developers can access the vulnerability detection tool through Github as Microsoft shifts away from its legacy scheme

Microsoft has publicly released the vulnerability testing tool it uses to detect bugs in its flagship products including the Windows 10 operating system, which has been blighted with glitches in recent months.

After previously revealing it would replace its existing software testing programme, known as Microsoft Security and Risk Detection, Microsoft has made its automated and open source tool available through Github for developers around the world. 

This transition to fuzzing, dubbed Project OneFuzz, sits in line with the wider industry’s movement to this method of vulnerability detection. Google, for example, has deployed fuzzing for some time, and even launched a Fuzzing benchmarking tool in March this year for developers to compare the viability of different services.

The technique is known to be a highly effective method for raising the level of security and reliability of native code, and involves developers feeding random excerpts of programming into a bug detection engine.

Project OneFuzz is an extensive fuzz testing framework that can be deployed through the Azure public cloud, and is the same testing framework used to detect bugs in various Microsoft products including Windows, Edge and other projects.

“Microsoft’s goal of enabling developers to easily and continuously fuzz test their code prior to release is core to our mission of empowerment,” said Microsoft Security’s principal security software engineer lead Justin Campbell and senior director for special projects management Mike Walker.

“The global release of Project OneFuzz is intended to help harden the platforms and tools that power our daily work and personal lives to make an attacker’s job more difficult.

Recent advancements have transformed the security engineering tasks involved in fuzz testing native code, with several useful functionalities including crash detection, coverage tracking and input harnessing now baked into fuzzing.

Project OneFuzz has already allowed developers to continuously scan Windows operating system builds for errors and harden updates prior to launch, Microsoft claims. Windows 10, however, has suffered from recent waves of glitches and bugs, particularly as a result of both major and minor updates. 

Windows 10’s May 2020 Update, for example, has produced a litany of issues for users of all varieties over the last few months, ranging from strange networking and connectivity issues to problems affecting Lenovo devices specifically.

Related Resource

Why containerisation needs context

The problems with infrastructure monitoring in the age of Kubernetes

Download now

The latest Patch Tuesday, too, saw Microsoft release 129 fixes across its various products including 23 patches for critical flaws, signalling that big updates have become the new normal for the Windows developer.

Microsoft would hope that the continued deployment of Project OneFuzz would eventually begin to iron out errors and bugs prior to patches and updates being released. 

Project OneFuzz gives developers the capability to launch fuzz jobs running from a few virtual machines to thousands of cores. Features include composable fuzzing workloads, built-in ensemble fuzzing, on-demand live-debugging of crashes, and crash reporting notification callbacks, among many others.

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

How to factory reset Windows 10
operating systems

How to factory reset Windows 10

4 Mar 2020
Weekly threat roundup: SAP, Windows 10, Chrome
vulnerability

Weekly threat roundup: SAP, Windows 10, Chrome

21 Jan 2021
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

21 Jan 2021
Biden nominees highlight tough cyber security challenges
cyber security

Biden nominees highlight tough cyber security challenges

20 Jan 2021

Most Popular

SolarWinds hackers hit Malwarebytes through Microsoft exploit
hacking

SolarWinds hackers hit Malwarebytes through Microsoft exploit

20 Jan 2021
How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021
What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

12 Jan 2021